Certificate Patrol

A paranoid Firefox/Mozilla add-on.

Why So Paranoid?

Your web browser trusts a lot of certification authorities and chained sub-authorities, and it does so blindly. "Subordinate or intermediate certification authorities" are a little-known device: the root CAs in your browser can delegate permission to issue certificates to an unlimited number of subordinate CAs (SCA) just by signing their certificate, not by lending them their precious private key. You can even buy yourself such a CA from GeoTrust or elsewhere.

Here's a friendly example of a certificate issued by an ICA. You never knew your browser trusts the Bavarian National Library, right? It is unclear how many intermediate certification authorities really exist, and yet each of them has god-like power to impersonate any https web site using a Man in the Middle (MITM) attack scenario. Researchers at Princeton are acknowledging this problem and recommending Certificate Patrol. Revealing the inner workings of X.509 to end users is still considered too hard, but only getting familiar with this will really help you get in control. That's why Certificate Patrol gives you insight into what is happening.

If you still think a MITM attack is unlikely to happen to you, read this user report.

What Does CertPatrol Do?

You'll see certificate information pop up whenever you visit a new https: website, including https://addons.mozilla.org for example. "New" is anything Patrol hasn't seen and stored yet.

screenshot of a certificate patrol report

You are also prompted whenever a web site updates its certificate and given the opportunity to compare the two certificates side by side, line by line. Click the screenshot for an example:

screenshot of a certificate patrol modification report

Even if you do not fully understand what is shown to you, you get a chance to distinguish legitimate from suspicious changes. Here's a little list of things to look out for:
  1. If the old certificate is about to expire (Validity / Expires On), it was necessary to replace it with a new one. CertPatrol will check this for you.
  2. In most cases web sites keep using the same certification authority (Issued By) over time. Should the web site have changed its certification authority, make sure the old certificate was about to expire. CertPatrol will assist you with this.
  3. You may want to consider the most popular CAs (like maybe CAcert, Entrust, Equifax, GoDaddy, NetworkSolutions, Thawte and VeriSign, to mention some) to be less likely to help in MITM attacks, but that is only a guess, especially since in each country local CAs may be legitimately well established.
  4. Comodo, GeoTrust, GlobalSign, QuoVadis, RSA WebTrust and StartCom are known to offer intermediate CAs for money. Still, StartCom is extremely popular with small and private web sites for its free services.
  5. If all certificates you see are always issued by the same certification authority, you should be very suspicious. Try searching for random https: sites and see if they still all seem signed by the same CA.
  6. In case of doubt install the Perspectives add-on to make further checks on the credibility of a certificate. The downside of Perspectives is, you reveal who you communicate with to an external service — so better only use it when necessary.
  7. If the web site is important to you, research the name of the new CA. Make a phone call to the owner of the web site and ask them to confirm the SHA1 fingerprint shown on your screen. The fingerprint is currently close to impossible to falsify. Ask them to send you future certificate fingerprints by snail mail before they install them.
  8. Some clustered sites such as bookryanair.com make things more complicated by using several inconsistent certificates for the same domain name. That will look unnecessarily suspicious. Usually such certificates will look very similar to each other and appear to be changing frequently. We can only hope for these companies to fix their set-ups.
It is very important to understand that certificates do not make a statement about the trustworthiness of a web site, but whether that web site is indeed what you think it is. In practice you should always be very suspicious if there are problems with your electronic banking or other sites you trust for very important operations, whereas you can probably relax if a certification problem arises for a web site that you are merely intending to have a quick look at. The more a web site is important to YOU, the more you should be cautious! That is the most essential rule of thumb in dealing with the wild west of Internet certification today.

Install.

CertPatrol is designed to work with Firefox and SeaMonkey (click to go to the appropriate installation page). We have configured it to also install into Thunderbird, Sunbird and Fennec, but we haven't explicitly tailored it for use with these applications (yet).

Install the German version. Install the Italian version.

If you can't wait for the Mozilla staff review, you can preview the next CertPatrol version right here.

Source code.

If you're familiar with Javascript it is easy to read and understand Certificate Patrol. Just go into content and look at CertPatrol.js.

View source code (anyone, possibly not current version).
View source code (Version 1.1 for Mozilla developers only).
git clone git://git.psyced.org/git/certpatrol (Code repository).

You can also look at these files after installation, they are in the extensions/CertPatrol@PSYC.EU folder in your Firefox/Mozilla configuration.

Credits.

Prototyped by 20after4 (Mukunda Modell), reengineered by Aiko Barz. Originally conceived, planned and continuously refined by the lynX (Carlo v. Loesch).

Reviews.

Certificate Patrol can really save your pocket says Paolo Campegiani.

al_9x suggests we should combine CertPatrol with Perspectives in a single add-on, but they already do great team work side by side, no?

factorbee provides the advice to install CertPatrol when going on a tour using Tor, because some Tor exit nodes will try MITM attacks against you.

Phocean was unhappy about the number of "false positives" with CertPatrol. So was tanstaafl. In our idea of safety, paranoia comes first, but if we can safely reduce the number of messages, we will. In fact we did recently with 1.2.3 and will with the upcoming versions and betas. Do try out the beta versions if you need more intelligent Patrol immediately.

It's all about trust! says d0mber.

Schneelocke has "no idea why these things aren't done by the browser by default, anyway."

This paragraph is about a paper released in March, 2010. Nothing has happened since then and the 'Certlock' add-on that was announced was never published, so you may very well choose to skip reading this box. It isn't all that interesting really.

In the world of scientific research, it can occasionally happen that the research you intend to do has already been implemented by some open source folks. What do you do when that happens? Cite some nerds in your paper as if they were proper researchers? Find some creative reasons why their work just won't cut it?

On March 24th, 2010, Christopher Soghoian published a paper: "Certified Lies: Detecting and Defeating Government Interception Attacks Against SSL" cited by the EFF and others. Apparently this was news to some people, that governments can use their certification authorities for the purpose of generating false certificates and eavesdropping by man-in-the-middle attack on SSL connections where they deem necessary. Others have heard of the Bundestrojaner before, and figured out how that would really work.

Certificate Patrol has been specifically designed to address this kind of threat. Alright, it's a nice paper, but given that this add-on is the only existing solution to the problem it shouldn't just be mentioned as an example on how not to do it ("7.3 Avoiding False Positives") then ignored in "Related Work", where all other relevant developers are mentioned by name except for us.

In 7.4 then the paper advertises an unfinished add-on that does the same job as Certificate Patrol, only it intends to detect when an evil government is attempting to spy on you, not when it is your good government or when it is your employer. Also it mentions some things that could have come straight from our TODO list. Yes it is true that X.509 and all of its certificate business isn't easy for the average users, but it is better to inform and educate them properly rather than make some simplified automated decisions which might just horribly backfire. This way you're creating new levels of pseudo security.

How can you employ a Trust-On-First-Use policy, if the MITM attack against you may already be in place? Why shouldn't your government care to eavesdrop on your bank transactions in your own country? Why should it be hard for an attacker to obtain an intermediate CA based in the US, to circumvent your country-based whitelisting strategy? Certificate Patrol informs you of things happening, keeps you in control and doesn't hide the complexity of reality from you. The approach of Certlock is fundamentally flawed even before it has been released. Sometimes a sense of security is worse than dealing with reality.

It's interesting how many follow-up blog articles are being written about this paper, with people wondering whether the Certlock approach is valid or not, yet the psychology of writing a negative paragraph about what could actually be the solution has exactly the intended result: None of these professionals, who presumably carefully read the paper, seem to have considered trying out something after reading a "don't even bother to try it" opinion. None even mentioned in their summaries that there may already be something out there to do the job. Negative advertisement is several times more powerful than positive advertisement. We are all sensitized to not trust someone when she tries to sell us something, but not when someone is trying to inject reasons to consider something invalid. At least endisnighe kept his mind awake while reading.

For the nitpicky: Section 8 of the paper lists some scenarios where Certlock would or wouldn't be helpful. It would not be helpful whenever the attacker compels the same CA that issued the original certificate (Scenario A — something feasible for the American government and its agencies). With Certificate Patrol the new certificate would show up. You would be able to tell something is wrong if the expiry wasn't due. Same goes for Scenario B where the attacker uses a different CA based in the same country as the original CA. Same for Scenario C, as it is the same as Scenario A. Also in Scenario F, a Chinese website using an American CA being attacked with another American CA. Something Certlock would not detect, CertPatrol would. Considering that the Chinese government could buy an intermediate CA from one of various CAs worldwide, it doesn't need to use the obvious CNNIC (Chinese Internet NIC Authority recently added to Firefox — should spell CINIC actually) certificate — so Certlock doesn't even properly protect those it aims to protect most: Chinese citizens.

Related Articles.

Yet another reason to install Cert Patrol: Mozilla developers do not remember why the "RSA Security 1024 V3" root certificate was added. Orphaned root authorities! Can you imagine? It's "sleeper cells" for your web browser. (via Jan/fefe)

Law Enforcement Appliance Subverts SSL.

phobos on Life without a CA.

Some articles in German:

fefe, "I would like Firefox to tell me when I go to an SSL site that I have visited before and the key has changed." And fefe wants Firefox to be able to do that even without add-ons. I think we could fork Firefox; that would be faster and more reliable.

Isotopp, A few words on SSL.

ManIP has already experienced it first-hand: companies systematically intercept all SSL connections.

putzo writes about PKI, CNNIC and RSA Security 1024.

Kai Raven's recommendations for "tuning" Firefox.

Christian Gresser simply tries it out.

Financial Cryptography, 2004-09-01: "VeriSign is offering protection from snooping, and on the other hand, is offering to facilitate the process of snooping."

Since 2000: Public Key Infrastructure considered harmful

Related Work.

The heise SSL Guardian does a related job. It makes sure the sites aren't using an insecure debian #define PURIFY certificate. SSL Blacklist is similar, checking for insecure MD5 algorithm being used in the certificate chain. Not sure if it is helpful to block such a certificate however.

This is a good tool to consult when a Certificate Patrol warning looks suspicious: Perspectives for Firefox asks external notaries to ensure an address comes with the same certificate from several parts of the Internet. Makes self-signed certificates a legitimate tool again. This even detects MITM attacks using officially signed certificates. Now you only need to make sure the notaries are not in a conspiracy against you. ;)

About us.

We're developers of an open-source decentralized messaging, chat and social networking technology called PSYC.

We are currently working on improving privacy and encryption in our own technology, noticed this little quirk in the security model of popular web browsers and decided to write up a few lines of Javascript to improve on that. So this started as a side project for people who enjoy a delicate taste of paranoia.

Feel free to enter our https webchat should you have any question or just look for a paranoid chat. Here are some fingerprints, should you decide to trust an unencrypted HTTP link that led you here.

03:B3:CE.54:C7:F3.87:D1:EF.D3:2B:B1.61:C9:E1.23:79:D2.7B:43
  ==   psyced.org SHA1

You can also use psyc://psyced.org/@patrol, xmpp:*patrol@psyced.org or irc://psyced.org/patrol to enter our chatroom (and the TLS ports use the same certificate).

If you're an add-on developer, you may want to look into our prototype of a PSYC client in form of a Firefox add-on. It's called PsycZilla obviously.

Questions & Answers.

Patrol only catches pages loaded via SSL, what about images, scripts, styles and frames?

We use the regular document load event which also gets called for subframes, so they can't harm. A newer interface allows walking through each element in the document, but it only works with recent browser versions. We will look into this given time. Yet, we can't come up with an attack scenario where it is useful to do a MITM attack on you as you load images, CSS or Javascript files. It is easier to attack you that way while you surf plain HTTP websites, so why bother to fake certificates just for those items? Such images cannot sneak certificates into the Patrol database (nothing can), so if you later go to the page of such an image, you will still be prompted with its certificate. In other words: No problem here.

Can you intercept forms that post to SSL sites? What about AJAX?

Forms may address any URL, so they could be leading to unknown sites with or without encryption. That is always a risk so you should only fill out critical forms when you trust the site. In the case of AJAX you may not know exactly where the things are sent (although browsers seem to limit where an XMLHttpRequest is allowed to go). In the case of a normal form it will load a result page, and in the process trigger Certificate Patrol if that result page is on an https site we haven't seen yet. It is generally a bad habit of unencrypted websites to provide login forms that lead to encrypted websites, since the unencrypted pages are trivial to modify in a MITM scenario. Several addons warn you before you submit a password to an unencrypted site, I currently prefer "Safe" over SSLPasswdWarning. None of these tools however warn you, if a form leads to an unknown and possibly dangerous https site. To do so, tools like Safe would have to consult our CertPatrol database. I'll put it on TODO. Not sure if it is easy to do however. In the meantime, in case of doubt, submit the form with no data or false data and examine the certificate first, then go back and use it normally.

What if I'm being tricked into using unencrypted websites?

The "Safe" add-on tries to make it more visibly obvious when you are not on SSL, in addition to checking login forms like SSLPasswdWarning. Force-TLS tries to force you to use SSL when you should, but by means of an HTTP extension no one is using, apparently. Also the extension is a bit pointless as the website provider can achieve the same by means of a 301 permanent redirect. SSLGuard does the same as Force-TLS, but you have to maintain the list of sites that are forced to run on https yourself. At least it is useful for some frequently used candidates like Twitter and Facebook.

It's impractical that it takes so many add-ons in order to have an almost safe web browsing experience. I could try to come up with a list of ultimate tools for safety, but it's never ultimate. Sometimes you even have to trade in some privacy for more security.

How could the general situation about web security be improved?

  1. Abolish expiration dates in certificates. They are a major cause of trouble and have completely failed to deliver security.
  2. Use the media, paper brochures, yes even the Yellow Pages to publish fingerprints of permanent certificates of sites your users may want to visit.
  3. Use the same channels to also announce when a private key has been breached and a new certificate needs to be issued. The current certificate revocation schemes are too privacy-unfriendly.
  4. Have a decentralized web of trust help you with confirmation and revocation of certificates.
  5. Consider implementing support for multiple redundant certification of the same public key.

How does this affect the certification industry?

It could become a fingerprint publication industry instead.

What can I do?

Help us implement communism.

Testing the add-on.

For the interested ones, to manually trigger seeing a web site replace its certificate, you can do one of these things:

  1. Have an https web site yourself and change the certificate.
  2. Manually have an address in /etc/hosts point to this or that https: IP address and add many security exceptions to Firefox in order for Patrol to even get to do its warning part.
  3. Use an sqlite editor like the "SQLite Manager" add-on, edit the CertPatrol.sqlite file and modify any of the fingerprints of an https: website you have visited before. This way, Patrol will think it has seen that web site using a different certificate than it actually does, so as soon as you go to that web site it will warn you of an apparent change in certificate.
  4. Make a manual backup of an old or patched CertPatrol.sqlite file and copy it back whenever you need to test a warning.
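
The checks from the "things to look out for" list (was the old certificate about to expire, did the issuer change) and the stored-fingerprint test trick from step 3 above can be tried out together in the sketch below. It is an example added here, not CertPatrol's code: the table layout, the 60-day renewal window, the host name and the fingerprints are all assumptions made for illustration and do not reflect the real CertPatrol.sqlite schema.

```python
import sqlite3
from datetime import datetime, timedelta, timezone

RENEWAL_WINDOW = timedelta(days=60)  # assumption: a swap this close to expiry is routine

def open_store(path=":memory:"):
    """Hypothetical store of seen certificates; NOT the real CertPatrol.sqlite schema."""
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS seen (host TEXT PRIMARY KEY, "
               "sha1 TEXT, issuer TEXT, not_after TEXT)")
    return db

def accept(db, host, cert):
    """Record a certificate after the user has reviewed it."""
    db.execute("INSERT OR REPLACE INTO seen VALUES (?, ?, ?, ?)",
               (host, cert["sha1"], cert["issuer"], cert["not_after"].isoformat()))

def check(db, host, cert, now):
    """Return (verdict, reasons) for a certificate presented by host."""
    row = db.execute("SELECT sha1, issuer, not_after FROM seen WHERE host = ?",
                     (host,)).fetchone()
    if row is None:
        return "new", []                      # first sight: nothing to compare with
    old_sha1, old_issuer, old_not_after = row
    if old_sha1 == cert["sha1"]:
        return "unchanged", []
    reasons = []
    due = datetime.fromisoformat(old_not_after) - now <= RENEWAL_WINDOW
    if not due:
        reasons.append("old certificate was not about to expire")
    if old_issuer != cert["issuer"]:
        reasons.append("issuer changed from %s to %s" % (old_issuer, cert["issuer"]))
    return ("renewal" if due else "suspicious"), reasons

def demo():
    """Constructed sample data: host, issuers and fingerprints are made up."""
    now = datetime(2024, 1, 10, tzinfo=timezone.utc)
    db = open_store()
    old = {"sha1": "AA:01", "issuer": "Example CA", "not_after": now + timedelta(days=20)}
    new = {"sha1": "BB:02", "issuer": "Example CA", "not_after": now + timedelta(days=385)}
    rogue = {"sha1": "CC:03", "issuer": "Other CA", "not_after": now + timedelta(days=700)}
    results = [check(db, "shop.example", old, now)]        # never seen before
    accept(db, "shop.example", old)
    results.append(check(db, "shop.example", new, now))    # replaced close to expiry
    accept(db, "shop.example", new)
    results.append(check(db, "shop.example", rogue, now))  # early swap, other issuer
    # Test trick from step 3: overwrite the stored fingerprint, then revisit the site.
    db.execute("UPDATE seen SET sha1 = 'DE:AD' WHERE host = 'shop.example'")
    results.append(check(db, "shop.example", new, now))
    return results

if __name__ == "__main__":
    for verdict, reasons in demo():
        print(verdict, reasons)
```

The last result shows why the test trick works: the site still presents its real certificate, but since the stored fingerprint no longer matches and the stored expiry date is far away, the visit is reported as an unexpected change.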