Cyber-Mercenary Groups Shouldn't be Trusted in Your Browser or Anywhere Else

Discussion in 'other security issues & news' started by mood, Feb 23, 2019.

  1. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    39,499
    Cyber-Mercenary Groups Shouldn't be Trusted in Your Browser or Anywhere Else
    February 22, 2019
    https://www.eff.org/deeplinks/2019/...ldnt-be-trusted-your-browser-or-anywhere-else
    Bugzilla: Add DarkMatter Root Certificates
     
  2. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    2,096
    Location:
    Italy
  3. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    2,096
    Location:
    Italy
    No comment?
    How about disabling QuoVadis certificates?


     
  4. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,396
    Location:
    U.S.A.
    The problem is not the QuoVadis root certificate. BTW - a CA 2 one exists in the Win root CA store. The issue is DarkMatter wants Mozilla to approve them as a root CA store issuer in Firefox.

    As far as the intermediate cert. issue, the browser downloads those as needed from the web site server. You have to get a copy of the DarkMatter one and download it to the Win Intermediate CA store. Then untrust it. Don't know if Firefox maintains a permanent Intermediate CA store as it does for the root CA store. If it does, you could download the DarkMatter Intermediate CA cert. there and untrust it if so allowed by Firefox.
     
  5. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,396
    Location:
    U.S.A.
    Bleepingcomputer.com just published an article with more detail on this issue: https://www.bleepingcomputer.com/ne...equest-to-be-trusted-root-ca-raises-concerns/ .

    Scrolling down to the bottom of the article yields:
     
  6. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,396
    Location:
    U.S.A.
  7. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    2,096
    Location:
    Italy
    In the comments (gHacks) it is reported that ProtonMail no longer works without QuoVadis.
     
  8. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,396
    Location:
    U.S.A.
  9. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    2,096
    Location:
    Italy
    :thumb:
    Case closed.;)
     
  10. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    39,499
    Mozilla blocks spy firm DarkMatter from Firefox citing ‘significant risk’ to users
    July 9, 2019
    https://techcrunch.com/2019/07/09/darkmatter-firefox-certificates/
     
  11. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    39,499
    ...Google is following suit:
    Google blocks websites certified by DarkMatter, after Reuters reports
    August 1, 2019
    https://www.reuters.com/article/us-...arkmatter-after-reuters-reports-idUSKCN1UR5JD
     
  12. Stefan Froberg

    Stefan Froberg Registered Member

    Joined:
    Jul 30, 2014
    Posts:
    747
    But why do they want so so sooooo badly to get that root CA issuer status?

    I mean, can't you do damage also with a rogue intermediate cert as with a rogue root cert?
    After all, there have been... "accidents"... that happened before in history with intermediate certs too...
    https://www.computerworld.com/artic...ty-issues-rogue-certs-for-google-domains.html

    That would explain why I can't see a single intermediate cert stored on my Linux box. Only 280 root certs, a few of them expired and about ten owned by QuoVadis (cute, somebody knows Latin...)
    Why does Mozilla not keep track of intermediate certs too? I mean, it's annoying as **** that I would have to visit and download every single one of those over a thousand intermediate certs, put them in my store, go through them and untrust the fishy ones. There *must* be an intermediate cert list somewhere....

    And I can't believe there is no easy way on Linux to list all those root certs in human-readable form... so I made a small tool to list them.

    https://www.orwell1984.today/cname/QuoVadis.png

    After reading that EFF stuff and ProtonMail stuff, I don't know what to think. Maybe QuoVadis can be trusted or not.
    But dang... this cert system is totally a mess...

    And that security researcher in the EFF stuff is right: telecom operators that sell spy boxes to dictator countries should not be allowed in the cert business!

    https://www.orwell1984.today/cname/TeliaSonera.png
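
An added example, not part of the post above and not the poster's tool: one way to list a Linux root store in human-readable form and flag expired entries and entries from a named organisation, using Python's standard `ssl` module. The bundle path, the `SAMPLE` entries and the helper names are assumptions made for the example; it reads the system OpenSSL bundle, not Firefox's own NSS store.

```python
import ssl
import time

# Constructed sample in the dict shape returned by ssl.SSLContext.get_ca_certs();
# the names and dates are made up for the example, not real store contents.
SAMPLE = [
    {"subject": ((("organizationName", "QuoVadis Limited"),),
                 (("commonName", "Constructed QuoVadis Root"),)),
     "notAfter": "Nov 24 00:00:00 2031 GMT"},
    {"subject": ((("organizationName", "Example Old Trust"),),
                 (("organizationalUnitName", "Constructed Expired Root"),)),
     "notAfter": "Jan 01 00:00:00 2015 GMT"},
    {"subject": ((("organizationName", "Example Net"),),
                 (("commonName", "Constructed Example Root"),)),
     "notAfter": "Jun 30 00:00:00 2040 GMT"},
]
SAMPLE_NOW = ssl.cert_time_to_seconds("Jan 01 00:00:00 2020 GMT")

def name_field(rdns, key):
    """First value of `key` in a subject tuple, or '' if absent."""
    return next((v for rdn in rdns for k, v in rdn if k == key), "")

def audit_roots(certs, watch=(), now=None):
    """One row per CA cert, sorted by organisation, with expiry and watch flags."""
    now = time.time() if now is None else now
    rows = []
    for cert in certs:
        org = name_field(cert.get("subject", ()), "organizationName")
        cn = name_field(cert.get("subject", ()), "commonName")
        rows.append({
            "name": cn or org,  # some older roots carry no commonName
            "org": org,
            "not_after": cert["notAfter"],
            "expired": ssl.cert_time_to_seconds(cert["notAfter"]) < now,
            "watched": any(w.lower() in f"{org} {cn}".lower() for w in watch),
        })
    return sorted(rows, key=lambda r: (r["org"].lower(), r["name"].lower()))

def load_roots(cafile=None):
    """Load a PEM bundle (or the OpenSSL defaults) and return its CA entries."""
    return ssl.create_default_context(cafile=cafile).get_ca_certs()

if __name__ == "__main__":
    # Assumed bundle path (Debian/Ubuntu); pass your distribution's own bundle.
    certs = load_roots("/etc/ssl/certs/ca-certificates.crt")
    for r in audit_roots(certs, watch=("QuoVadis",)):
        flags = ("EXPIRED " if r["expired"] else "") + ("WATCH" if r["watched"] else "")
        print(f'{r["org"]:40.40} {r["name"]:45.45} {r["not_after"]} {flags}')
```

Intermediate certificates will not appear in this listing, since the bundle holds trust anchors only.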
     