September 3rd, 2011

The certificate collapse

I know this is tech stuff, but it is tech stuff affecting us all, as it connects the largest internet company in the world, my little country and axis-of-evil Iran. And you all know I love connections :)

Short story, highly simplified and, for argument's sake, untruthfully restricted to “websites”: This week, the trusted third party “Diginotar”, which issues SSL certificates, was proven to have been hacked by Iranian hackers. They were able to issue themselves a valid *.google.com certificate, enabling (Iranian AND other, of course) governmental men-in-the-middle to eavesdrop on e.g. gmail, without anyone being able to even detect it. Diginotar also issues certificates for next to all governmental services, including social security, the tax office, the driver's licence office, municipal services, etcetera. Furthermore, certificates for Tor, for Mozilla's add-on site and god knows what else.

Long story, still not entirely correct, to keep it reasonably readable. A certificate is a rather smart digital “seal” that is issued by a trusted third party (TTP) and installed in a website (again simplified; in essence it can be used for all sorts of electronic communications). The TTP issues these certificates from a sort of “mother” certificate. Browsers, on the other hand, have a clever way to prove that the certificate of the website the user visits is actually derived from the “mother”. Browsers issue a security warning to the user if a website uses a certificate that is NOT derived from a well-known set of trusted mothers. Now, if a TTP runs a flawless operation, keeps the known mothers entirely safe and actually checks whether the requester of a certificate (say: me) is requesting a certificate for a host that is valid for me (say: this website [valid], google.com [most definitely NOT valid]), we have an unbreakable trust triangle. The TTP trusts the website owner; the user (read: the browser makers) trusts whatever the TTPs of this world say they can trust. There are around 650 TTPs in this world, and a few dozen trusted “mother” certificates.

A well-known trusted “mother” is “Staat der Nederlanden Root CA”, which is THE root of my country! A derived “daughter” is “DigiNotar PKIoverheid CA Overheid en Bedrijven”. This daughter is used by a lot of governmental websites AND commercial companies, and it has been compromised. The hackers have created various certificates, including one for *.google.com, and various others that are considered “high profile”. Browsers, until now, have trusted these false certificates. Several browser makers have started banning them, and last night the equivalent of the home office secretary decided to revoke said daughter certificate. By the time you read this, all websites using Diginotar's certificates will be deemed “unsafe”. Oopsie. And the worst part is of course people believing they were using a safe, encrypted, untappable gmail account while being secretly spied upon (and you can bet this has been done).

Diginotar's damage control has been horrendous. Basically they swept things under the rug when the breach was discovered, and they didn't even file a complaint with the Justice department. That could even be regarded as wilful negligence.

Update: oh my, too much, too much (see this list)

Update: Here is the published list of compromised (read: Diginotar certified) certificates. Brace:


January 29th, 2011

Murdered by one's government, again

In December 2009, Zahra Bahrami, an Iranian-born woman naturalized as a Dutch citizen, traveled back to her home country for a family visit. What exactly happened there is not clear, but she was arrested for treason and drugs possession. The storyline here is that she was arrested shortly after attending a demonstration against the regime. Iran, which does not recognize her Dutch citizenship, sentenced her to death.

Today, it was confirmed she was executed by hanging. In Iran, this used to mean being hoisted by a crane: the neck is not broken, and the condemned dies a slow, painful, barbaric death. Diplomatic contacts have been put on the back-burner and there are voices stating there is no use in having an embassy at all. Picture posted to show we are talking about real people, not some abstract concept of life and death.

Zahra Bahrami

Note: the Iranian government states she was convicted of drugs trafficking, which, if true, is not the smartest thing to do (see footnote in this post). And she was caught here for that crime earlier. The major issue though is the death sentence in itself, and the complete opaqueness of the trial. No assistance, no lawyers, no nothing.

Note: The “security forces” informed her daughter last week that Zahra Bahrami was being buried at that same moment in a village a couple of hundred kilometers from Teheran, making the process of dealing with all this unnecessarily harder for the family. The Dutch ambassador in Teheran is being withdrawn. The minister of foreign affairs was seriously questioned about the diplomatic actions and non-actions of the administration. He lied flat out, saying “everything possible had been done”, while in fact he personally had done literally nothing at all. But of course this had no consequences. What is the expression again? The chicken is involved in the bacon-and-eggs; the pig is committed?

November 3rd, 2008

Eve of Destruction

Noam Chomsky recently noted that the United States has one political party with two factions: the Republicans and the Democrats. The elections to be held this Tuesday in the United States will, no doubt, impact people around the world, some for better and many for worse. I'm not sure why, but I was poking around in my “archives” tonight and revisited a lecture that has had a big impact on how I view my country. Speaking at Riverside Church in New York City, author Arundhati Roy delivered her thoughts in a message titled “Instant Mix Imperial Democracy (Buy One Get One Free),” on April 13, 2003.

Roy noted, among many other things, that:

Way back in 1988, on the 3rd of July, the U.S.S. Vincennes, a missile cruiser stationed in the Persian Gulf, accidentally shot down an Iranian airliner and killed 290 civilian passengers. George Bush the First, who was at the time on his presidential campaign, was asked to comment on the incident. He said quite subtly, “I will never apologize for the United States. I don’t care what the facts are.”

I don’t care what the facts are. What a perfect maxim for the New American Empire. Perhaps a slight variation on the theme would be more apposite: The facts can be whatever we want them to be.

When the United States invaded Iraq, a New York Times/CBS News survey estimated that 42 percent of the American public believed that Saddam Hussein was directly responsible for the September 11th attacks on the World Trade Center and the Pentagon. And an ABC News poll said that 55 percent of Americans believed that Saddam Hussein directly supported Al Qaida. None of this opinion is based on evidence (because there isn’t any). All of it is based on insinuation, auto-suggestion, and outright lies circulated by the U.S. corporate media, otherwise known as the “Free Press,” that hollow pillar on which contemporary American democracy rests.

Public support in the U.S. for the war against Iraq was founded on a multi-tiered edifice of falsehood and deceit, coordinated by the U.S. government and faithfully amplified by the corporate media.

Good luck to us all.

A written transcript of Roy’s presentation is available here.

January 25th, 2008

The justice system of Iran

Here we go again.

Brussels, Jan. 25. The European Union is deeply concerned about the imminent execution of seven Iranians who have been sentenced to death for acts they committed as minors.

(…) It also concerns Europe how the death penalty is carried out in Iran. Convicts are stoned to death or thrown from a high cliff, which goes against the promise of Iran not to violate international human rights.

Or by other means, not that it matters b.t.w.

June 16th, 2007

The numbers in journalism

The Project for Excellence in Journalism is an interesting site. Instead of focusing on the rhetoric, it does a quantitative analysis of where the focus is in the media. Last week:

(chart image: buildchartp2.jpg)

Interesting huh? PH outdoing the cause of the king being a lame dead duck, and the demise of state finances by a long shot. What a mess. Speaking of finances. I tend to support the idea that it will be the Reps killing the $ for the war in Iraq, in a desperate move to cut loose the weight. Unless Cheney, who has been blatantly ignored the last couple of weeks, talks the crooks into bombing Iran; he’s already spreading (false) claims Iran is supplying the Taliban with weapons.

On a funny side note: Bush did get an ovational reception the other day. Where, you ask? In Albania!

OK, I’ll stop. I have no right to comment on foreign leaders, although my government is so influenced by U.S. politics, I think I can now and then. 600 days to go. It’ll be a long 600 days.

September 15th, 2006

The nukes of Iran

From the Washington Post. Emphasis and shortening by me.

U.N. inspectors investigating Iran’s nuclear program angrily complained to the Bush administration and to a Republican congressman yesterday about a recent House committee report on Iran’s capabilities, calling parts of the document “outrageous and dishonest” and offering evidence to refute its central claims.

(…) Among the committee’s assertions is that Iran is producing weapons-grade uranium at its facility in the town of Natanz. The IAEA called that “incorrect,” noting that weapons-grade uranium is enriched to a level of 90 percent or more. Iran has enriched uranium to 3.5 percent under IAEA monitoring.

When the congressional report was released last month, Hoekstra said his intent was “to help increase the American public’s understanding of Iran as a threat.” Spokesman Jamal Ware said yesterday that Hoekstra will respond to the IAEA letter.

Rep. Rush D. Holt (D-N.J.), a committee member, said the report was “clearly not prepared in a manner that we can rely on.” He agreed to send it to the full committee for review, but the Republicans decided to make it public before then, he said in an interview.

(…) Privately, several intelligence officials said the committee report included at least a dozen claims that were either demonstrably wrong or impossible to substantiate.

“This is like prewar Iraq all over again,” said David Albright, a former nuclear inspector who is president of the Washington-based Institute for Science and International Security. “You have an Iranian nuclear threat that is spun up, using bad information that’s cherry-picked and a report that trashes the inspectors.”

Please read the linked article; it goes on and on and on. I hope it will help you, the reader, “increase [your] understanding of Iran as a threat”. BTW, it's my personal opinion that nuke stuff in the hands of Iran is quite a bad idea.
