diff --git a/README.md b/README.md index f113f06..88c4a23 100644 --- a/README.md +++ b/README.md @@ -52,7 +52,9 @@ This list is sorted alphabetically by the names of the Certificate Authorities. * __November 2011:__ Digicert Malaysia is blacklisted by Microsoft, Google and Mozilla after issuing 22 certificates with serious security deficiencies. Their intermediate CA certificate is also revoked by Entrust. ([source](http://www.theregister.co.uk/2011/11/03/certificate_authority_banished/)) -### DigiNotar (now defunct) +### DigiNotar + +__Now defunct.__ * __July 10, 2011:__ DigiNotar issues fraudulent wildcard certificate for Google that is later used in an MITM attack. ([source](https://en.wikipedia.org/wiki/DigiNotar#Issuance_of_fraudulent_certificates)) * __August 2011:__ It becomes clear that hundreds of fraudulent certificates were created. The total count of fraudulent certificates is at least 531. ([source](https://en.wikipedia.org/wiki/DigiNotar#Issuance_of_fraudulent_certificates)) 
@@ -62,17 +64,22 @@ This list is sorted alphabetically by the names of the Certificate Authorities. * __November 2011:__ Entrust is involved in the Digicert Malaysia incident (see above), and has apparently failed to audit the intermediary CA. They revoke Digicert Malaysia's intermediate certificate after the incident becomes public. ([source](https://web.archive.org/web/20111105175853/http://www.entrust.net/advisories/malaysia.htm)) -### Gemnet (owned by KPN) +### Gemnet + +__Owned by KPN.__ * __December 2011:__ Gemnet is compromised through an unsecured and passwordless public instance of PHPMyAdmin. It is unclear whether fraudulent certificates were issued, or whether confidential information was leaked. ([source](http://webwereld.nl/security/55479-weer-certificatenleverancier-overheid-gehackt)) -### Getronics / KPN Corporate Market (owned by KPN) +### Getronics / KPN Corporate Market + +__Owned by KPN.__ * __November 2011:__ Evidence surfaces that Getronics was compromised 4 years earlier, but Getronics claims that no production servers were affected. ([source](http://webwereld.nl/security/55191-kpn-stopt-uitgifte-certificaten-na-mogelijke-hack), [source](https://web.archive.org/web/20111106203252/http://www.kpn.com/corporate/overkpn/Newsroom/nieuwsbericht/KPN-stopt-uit-voorzorg-uitgifte-nieuwe-veiligheidscertificaten.htm)) ### GlobalSign * __September 2011:__ A webserver at GlobalSign is compromised. GlobalSign notes that there was no evidence of fraudulent certificate issuance, and that the issuance systems were airgapped and thus not affected. ([source](https://en.wikipedia.org/wiki/GlobalSign#2011_hacking_incident)) +* __October 13, 2016:__ GlobalSign erroneously revokes an intermediary certificate, leading to certificate validation errors for many (major and smaller) customers, on otherwise valid certificates. ([source](http://www.theregister.co.uk/2016/10/13/globalsigned_off/)) ### Kazakh Government 
@@ -88,9 +95,18 @@ This list is sorted alphabetically by the names of the Certificate Authorities. * __July 8, 2014:__ Google announces that it has detected fraudulently certificates for various Google domains, issued by the National Informatics Centre of India. The certificates were likely used for an MITM attack. ([source](https://security.googleblog.com/2014/07/maintaining-digital-certificate-security.html)) -### StartCom (now likely owned by WoSign) +### StartCom -* __April 2014:__ StartCom refuses to revoke certificates that were (potentially) compromised through HeartBleed. ([source](https://en.wikipedia.org/wiki/StartCom#Response_to_Heartbleed)) +__Now owned by [WoSign](#wosign), and has been quietly operating under WoSign for an unknown length of time, prior to public disclosure.__ + +* __December 2008:__ StartCom's founder, Eddy Nigg, obtains a fraudulent certificate from Comodo for `mozilla.com`. While this was allegedly for the purpose of demonstrating an issue with Comodo, Nigg subsequently uses the certificate on a public-facing web server, and threatens the release of its private key. ([source](https://bugzilla.mozilla.org/show_bug.cgi?id=471702)) +* __April 2014:__ StartCom refuses to revoke certificates that were (potentially) compromised through HeartBleed, thereby violating CA requirements. ([source](https://en.wikipedia.org/wiki/StartCom#Response_to_Heartbleed), [source](https://groups.google.com/d/msg/mozilla.dev.security.policy/TbDYE69YP8E/JpdMjH98GQAJ)) +* __May 2014 (and ongoing?):__ StartCom issues multiple certificates that are shorter than the required 2048 bits, thereby violating CA requirements. This is allegedly due to a software bug, but StartCom has failed to provide further details or clear remediation. ([source](https://bugzilla.mozilla.org/show_bug.cgi?id=1015767)) +* __June 2014:__ StartCom issues at least ~30 certificates with duplicate serial numbers, and fails to timely respond to a report about this from Mozilla. 
([source](https://bugzilla.mozilla.org/show_bug.cgi?id=1029884)) +* __October 2015:__ StartCom's OCSP server experiences severe delays in confirming newly issued certificates, leading to certificate validation errors in Firefox for otherwise valid certificates. ([source](https://bugzilla.mozilla.org/show_bug.cgi?id=1006479), [source](https://bugzilla.mozilla.org/show_bug.cgi?id=1151270)) +* __October 2015:__ StartCom fails to verify that the RSA public key exponent for a certificate equals 3 or higher, thereby violating CA requirements. ([source](https://bugzilla.mozilla.org/show_bug.cgi?id=1212655)) +* __April 2016:__ StartCom issues 7 certificates that are missing a `localityName` and `stateOrProvinceName`, thereby violating CA requirements. ([source](https://bugzilla.mozilla.org/show_bug.cgi?id=1266942)) +* __May 2016:__ StartCom issues certificates using the disallowed secp256k1 curve, thereby violating CA requirements. ([source](https://bugzilla.mozilla.org/show_bug.cgi?id=1269183)) * __June 18, 2016:__ StartCom launches a service named "StartEncrypt", which is essentially a clone of Let's Encrypt - however, it requires the installation of a binary, with no ability to inspect the source code. (source: see `sources/startencrypt.txt`) * __June 30, 2016:__ StartEncrypt is found to have numerous vulnerabilities, including multiple critical vulnerabilities that resulted in the possibility of misissuance for high-profile domains such as `google.com`, `facebook.com`, `live.com`, `paypal.com`, and `dropbox.com`. ([source](https://www.computest.nl/blog/startencrypt-considered-harmful-today/)) * __July 2016:__ StartCom, in its StartEncrypt API, allows issuance of SHA1 certificates, in violation of CA requirements. The certificates are also backdated to December 20, 2015, and signed by WoSign rather than StartCom. The incident was not reported to Mozilla as it should have been. 
([source](https://groups.google.com/d/msg/mozilla.dev.security.policy/k9PBmyLCi8I/8leLkhpoCgAJ)) @@ -110,7 +126,9 @@ This list is sorted alphabetically by the names of the Certificate Authorities. * __Late 2011:__ TÜRKTRUST hands out subordinate certificates to the Turkish government and a Turkish bank and fails to disclose the existence of these certificates, allowing these organizations to issue their own (CA-validated) certificates. One of these certificates was used to issue a certificate for `gmail.com`. ([source](https://freedom-to-tinker.com/blog/sjs/turktrust-certificate-authority-errors-demonstrate-the-risk-of-subordinate-certificates/)) -### Verisign (CA is now owned by Symantec) +### Verisign + +__The CA part of VeriSign is now owned by [Symantec](#symantec).__ * __March 2003:__ VeriSign is found to have issued a fraudulent code signing certificate in the name of Microsoft Corporation. This allows an attacker to pretend that their software was verified and signed by Microsoft. ([source](https://technet.microsoft.com/en-us/library/security/ms01-017.aspx)) * __2010:__ Verisign is compromised, and undisclosed information is obtained by the attackers. ([source](http://www.reuters.com/article/us-hacking-verisign-idUSTRE8110Z820120202))
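Review bot: In the DigiNotar hunk, the new standalone line `__Now defunct.__` states a status without a date or a `([source](...))` link, while every dated bullet beneath it cites one; the same applies to the two `__Owned by KPN.__` lines in the following hunk. Suggest giving these status lines the same treatment as the bullets, e.g. `__Now defunct (since <date>).__ ([source](<url>))`, so the reader can verify when and how the status came about.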
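Review bot: In the GlobalSign hunk, the added `October 13, 2016` bullet says "intermediary certificate" while the Digicert Malaysia and Entrust entries in the surrounding context say "intermediate certificate"; pick one term for the whole list. The parenthetical "(major and smaller)" also reads awkwardly. Suggested wording: "GlobalSign erroneously revokes an intermediate certificate, causing validation errors on otherwise valid certificates for many customers, large and small."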
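Review bot: In the StartCom hunk, the new bold status line drops the "likely" hedge that the old heading carried and adds the stronger claim that StartCom "has been quietly operating under WoSign for an unknown length of time, prior to public disclosure", yet unlike every bullet below it has no `([source](...))` link; either cite the disclosure being referred to or keep the hedge. Smaller points in the same hunk: `May 2014 (and ongoing?)` leaves the date open-ended, so state the last known occurrence or that the bug was unresolved as of its last update; "at least ~30" mixes a lower bound with an approximation, so use one or the other; "fails to timely respond" should read "fails to respond in a timely manner"; and the `December 2008` bullet describes a certificate issued by Comodo, so consider cross-referencing it from a Comodo section if one exists, since the misissuance itself is Comodo's.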
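Review bot: In the Verisign hunk, the heading is changed to `### Verisign` while the new bold line spells it "VeriSign", and the unchanged bullets below use both spellings; settle on one spelling for the heading, the status line and the bullets. Separately, the `March 2003` context bullet cites a bulletin with id `ms01-017`, whose "01" points to a 2001 publication, so that year is worth verifying against the source while this section is being edited.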