Last Comment Bug 460374 - All certificates show not trusted - get error code (MITM in-the-wild)
: All certificates show not trusted - get error code (MITM in-the-wild)
Status: RESOLVED INVALID
:
Product: Firefox
Classification: Client Software
Component: Security (show other bugs)
: unspecified
: x86 Windows XP
: -- normal (vote)
: ---
Assigned To: Nobody; OK to take it and work on it
:
Mentors:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2008-10-16 18:14 PDT by Kayla
Modified: 2009-12-10 08:28 PST (History)
19 users (show)
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---


Attachments
screen shot using microsoft word processor. forgot to load ms paint on my computer (89.00 KB, application/octet-stream)
2008-10-17 16:05 PDT, Kayla
no flags Details
extracted screenshot (96.88 KB, image/png)
2008-10-17 17:19 PDT, Johnathan Nightingale [:johnath]
no flags Details
Actual Paypal certificate details (40.37 KB, image/png)
2008-10-17 17:21 PDT, Johnathan Nightingale [:johnath]
no flags Details
Screen shots of internet explorer certificates (397.50 KB, application/octet-stream)
2008-10-18 12:41 PDT, Kayla
no flags Details
UNA's wireless certificate. (88.50 KB, application/octet-stream)
2008-10-18 12:43 PDT, Kayla
no flags Details
Possible improvement to error message (19.43 KB, image/png)
2008-11-04 01:35 PST, Darren Hobbs
no flags Details

Description Kayla 2008-10-16 18:14:00 PDT
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1b1) Gecko/20081007 Firefox/3.1b1
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1b1) Gecko/20081007 Firefox/3.1b1

ALL web pages I have to sign in to (or sometimes just visit) say this and I have to manually add the certificate by:
1. Clicking on the blue wording at the bottom
2. clicking on the add exception button
3. click get certificate
4. confirm the certificate

Once I do this, it does not pop back up for that specific page, but it is quite annoying! I am using the firefox 3.1, but it did this with 3.0 and before. I am using wireless internet (over an unsecured wireless network - basically bumming). I am also using Windows XP and I formatted my hard drive last night because I got a bug. So it's like I'm using a brand new computer.
It did this for facebook, myspace, hotmail, my college's network, and more.



secure.wikimedia.org uses an invalid security certificate.

The certificate is not trusted because it is self signed.

(Error code: sec_error_ca_cert_invalid)


Reproducible: Always

Steps to Reproduce:
1. Logging in to a website that I haven't visited previously (ever)
2. It doesn't happen again for that specific web site after I confirm exception
3.
Actual Results:  
It gives me a page load error, and says Secure Connection Failed. I have to confirm certificate exception

Doesn't happen again for that specific website I added an exception to.

Expected Results:  
The page shouldn't pop up EVERY time I visit a new page to log in to. It should go straight to the log in page!

I don't think the version has anything to do with it. I've used 3.1 beta and before and get the same results. I have also formatted my hard drive, so my computer is like new. I downloaded Mozilla like new. I am not using any themes.


Build platform
target
i686-pc-mingw32

Build tools
Compiler 	Version 	Compiler flags
cl 	14.00.50727.762 	-TC -nologo -W3 -Gy -Fdlibs.pdb -DNDEBUG -DTRIMMED -Zi -UDEBUG -DNDEBUG -GL -wd4624 -wd4952 -O1
cl 	14.00.50727.762 	-GR- -TP -nologo -Zc:wchar_t- -W3 -Gy -Fdlibs.pdb -DNDEBUG -DTRIMMED -Zi -UDEBUG -DNDEBUG -GL -wd4624 -wd4952 -O1

Configure arguments
--enable-application=browser --enable-update-channel=beta --enable-update-packaging --enable-jemalloc --enable-official-branding
Comment 1 Johnathan Nightingale [:johnath] 2008-10-16 19:26:32 PDT
I suspect you are being man-in-the-middle attacked.

Don't get me wrong - the "attack" may be unintentional - a badly configured corporate proxy, maybe?  To use secure.wikimedia.org as an example, it presents a valid certificate and should not trigger the warning.  The fact that this has started to happen for you, and is happening for ALL secure sites, suggests to me that someone is trying to insert themselves into your secure connection.  (More information here: http://blog.johnath.com/2008/08/05/ssl-question-corner/ )

To confirm this, it would be helpful to see what certificates you are seeing with these sites.  If I'm right, the certificates you're seeing will be generated ones, maybe with forged information about the target site (pretending to be secure.wikimedia.org, for instance), or maybe with generic information, the same certificate being displayed each time.

The next time this happens:
 - Click the blue "Or you can add an exception..." text
 - Click the "Add Exception" button
 - When the dialog comes up, click "Get Certificate"... all of this is as you've done before.

 - *Instead of clicking "Confirm Security Exception", click the "View" button to display the certificate details.
 - Take screen captures of those and paste them here.

If you haven't taken a screen capture before, it's easy on Windows XP.  Just wait until the certificate information is visible, and then hit the "PrtSrn" key.  This will take a picture of the screen and put it on your clipboard.  From there, you can paste it into a program like MS Paint and save it as an image.  You can attach that image to this bug using the "Add Attachment" link.

Once we can see the certificate details, we'll have a better idea of what's going on.  In the meantime, I would encourage you not to enter any more confidential information over those connections, since a third party could be stealing that information, or altering it in transit.
Comment 2 Kayla 2008-10-17 16:05:26 PDT
Created attachment 343653 [details]
screen shot using microsoft word processor. forgot to load ms paint on my computer

www.paypal.com uses an invalid security certificate.

The certificate is not trusted because it is self signed.

(Error code: sec_error_ca_cert_invalid)
Comment 3 Matthias Versen [:Matti] 2008-10-17 17:01:41 PDT
To be sure that you didn't lost your root certificate database, can you please create a new Profile.
http://support.mozilla.com/en-US/kb/Managing+profiles

Do you have the same issue with IE ?
Comment 4 Johnathan Nightingale [:johnath] 2008-10-17 17:19:31 PDT
Created attachment 343662 [details]
extracted screenshot
Comment 5 Johnathan Nightingale [:johnath] 2008-10-17 17:21:58 PDT
Created attachment 343663 [details]
Actual Paypal certificate details
Comment 6 Eddy Nigg (StartCom) 2008-10-17 17:22:21 PDT
WOW, this is an MITM!
Comment 7 Johnathan Nightingale [:johnath] 2008-10-17 17:35:00 PDT
This confirms my suspicion - someone is intercepting your network traffic.  The firefox warnings that someone may be trying to impersonate the server were right, in your case.

The certificate you are seeing has been generated to *look* like Paypal's certificate, it says Paypal all over it, even claims that Paypal issued it to itself, but that certificate is not valid.  I bet the one generated for myspace, or facebook, or any other site would likewise dump plausible-looking information from the real certificate, but they are also forgeries.  The one thing a forger can't do is get a trusted authority to sign the certificates, which is how Firefox knew to show you the warning.

This also, in my mind, removes the possibility that it is accidental, or just a badly configured proxy.  If that were the case, it wouldn't be trying to trick you by generating plausible-looking certificates, it would just use some default certificate in all cases.

The open wireless you are using is being run by an attacker, as far as I can tell.  He/She could just be playing around, or it could be a deliberate attempt to steal personal information.  By getting you to tell firefox to trust the fake certificates, he/she is able to read your network traffic, including login information.  If you have interacted with any sites with sensitive material (banking, for instance) my advice would be to change your passwords, and watch those accounts for any suspicious activity.  If you feel it's appropriate, you might want to get law enforcement involved as well, although this should not be taken as legal advice - I'm not a lawyer and I don't know what laws would apply in your jurisdiction.

I'm sorry this person decided to trick you.  I will try to offer any help I can to you here, if you want more detailed explanations about what's happened.

I'm resolving this bug as INVALID since the behaviour you're seeing is caused by Firefox working properly, not a bug, but the bug will still accept comments if you have questions or need clarification.
Comment 8 Daniel Veditz [:dveditz] 2008-10-17 22:32:34 PDT
We should remember this one for all those people who dismiss Firefox's worries about MITM attacks. They're real, they're here.

The oft-proposed "connect anyway on first time" behavior could be really dangerous in this case -- in Comment 0 the poster had just formatted their machine and reinstalled, so all of those sites would presumably have been "first time" contacts.
Comment 9 Justin Dolske [:Dolske] 2008-10-17 23:24:21 PDT
The UI implications of an attack like this are interesting to consider... The current warning works well if a user hits it on just a single site, but when every site is being MITM'd it looks like Firefox is broken. [And considering that an attacker could be undetectably altering non-SSL pages to include fake "your browser is broken, click here to fix it" notices, this isn't easy to address!]
Comment 10 Mike Beltzner [:beltzner, not reading bugmail] 2008-10-18 00:09:43 PDT
re: comment #9

One hopes that KCM will help us be able to say more intelligent things here in the future, but even in the here and now it feels like there's things we can do to check for MITM attacks, even if it means pinging back to mozilla.com using SSL and ensuring that we get the appropriate response. If we don't get the response we expect, we can be reasonably assured that something is amiss.
Comment 11 Johnathan Nightingale [:johnath] 2008-10-18 06:49:46 PDT
As I said earlier in email - I think we should avoid using this bug as a general discussion zone (even though we typically would) given that the reporter has had her privacy invaded, may have had important information stolen, and is not likely to be served well by us discussing implementation options.

I know Eddy has blogged about it too, but I don't want this to become a circus.  People who want to talk about making the error messages more clear should head over to bug 431826.  People who want to talk about KCM should take it to bug 398721.  It's fine to use this case, in the abstract, as an example of why we take a more hostile stance towards untrusted certs, but yeah, I really don't want Kayla to have to wade through an SSL UI policy debate, nor to become a living test case.
Comment 12 Nelson Bolyard (seldom reads bugmail) 2008-10-18 09:52:59 PDT
I propose that we move this discussion to mozilla.dev.tech.crypto,
a.k.a. <dev-tech-crypto@lists.mozilla.org>. I will start a thread there.
Comment 13 Nelson Bolyard (seldom reads bugmail) 2008-10-18 10:03:43 PDT
I hope that someone here has advised Kayla to change her passwords for all 
the https sites whose bad cert errors she has overridden, and to do so with
a fresh browser profile, in a different geographic place, without overriding
any more bad cert errors.  Some attacker now has all those old passwords.
Comment 14 Kayla 2008-10-18 12:40:27 PDT
****. I don't like this.

I tried to do the new profile thing, and I couldn't find it on my computer. I tried searching firefox.exe -ProfileManager and firefox.exe and couldn't find it. 

I have been keeping an eye on all the sites I have used my password and such, and nothing is out of the ordinary. I went so far as to do a credit report, and there is nothing on there that I haven't done. But, that doesn't mean I'm going to ignore it.

So you are telling me that even if I type Myspace.com into the web browser, that the person can re-route it? Scary.

Another thing is, this happens to me when I am at school. I'm attaching a screen shot of the internet explorer certificates (it is not trusted by them either) and one of colleges wireless certificates. It should be trusted. We have a group of "smart people" come in - people who run our wireless internet. (I just woke up and can't think of the name sorry) You have to have a username and password to use the wireless or it won't let you on period. 

Could the person read what I am writing now? as I write it?

Funny thing is, the person who is doing this would live near me right? Their wireless internet has to be close enough for me to connect to right? If so, I have already narrowed it down to who it may be.
Comment 15 Kayla 2008-10-18 12:41:42 PDT
Created attachment 343747 [details]
Screen shots of internet explorer certificates
Comment 16 Kayla 2008-10-18 12:43:14 PDT
Created attachment 343748 [details]
UNA's wireless certificate.

I can only connect to (or add an exception to) the wireless internet while I am connected to it. So this certificate is from another location than the other 2 I have submitted
Comment 17 Matthias Versen [:Matti] 2008-10-18 18:33:23 PDT
SSL (https) exists to ensure that your data is encrypted from you to site X (for example a banking site). A broken certificate means that you don't encrypt the data between your system and a banking site, you are encrypting the data (login data for example) between your system and the attackers system. He can read everything that you send or receive from the Internet and i suggest that you change all your login data (passwords) that you used over the broken connection but you have to change it from a secure connection.

This attack is called MITM= Man-in-the-middle attack
( http://en.wikipedia.org/wiki/Man-in-the-middle_attack )

If you have to enter a username/password at your school to access the internet and this certificate is broken, then you can't be sure that the login data that you send to the school wireless system is safe but it could be a broken setup in this case. You should ask your school admin about that. If you use this internet connection your login data to other sites should be still safe as long as the certificates are valid and unbroken.

You should now make sure that you remove the exceptions that you added before.
This added exceptions mean that you thrust the attacker encryption and Firefox will you not warn you. Using a new profile is the easiest way to be sure that all exceptions are removed. Close Firefox first and then open in windows : Start -> run and enter there C:\Program Files\Mozilla Firefox\Firefox.exe -Profilemanager
Comment 18 Johnathan Nightingale [:johnath] 2008-10-18 20:59:05 PDT
(In reply to comment #14)
> Crap. I don't like this.
> 
> I tried to do the new profile thing, and I couldn't find it on my computer. I
> tried searching firefox.exe -ProfileManager and firefox.exe and couldn't find
> it. 
> 
> I have been keeping an eye on all the sites I have used my password and such,
> and nothing is out of the ordinary. I went so far as to do a credit report, and
> there is nothing on there that I haven't done. But, that doesn't mean I'm going
> to ignore it.

That sounds like a good plan.  Hopefully it's just some idiot fooling around and the most he/she is hoping to get is some juicy emails.

> So you are telling me that even if I type Myspace.com into the web browser,
> that the person can re-route it? Scary.

For unsecured connections, that's just it.  If this person controls your internet access (by offering a seemingly-open wireless access point, for instance) then they can reroute things on the fly.  They can't impersonate a secure site without getting our warning though, so if you heed those warnings, you should be able to spot it when it happens in the future.  

> Could the person read what I am writing now? as I write it?

Bugzilla is a secure site, so if you connect on a network that doesn't interfere with your traffic, and doesn't require an exception, then what you type is protected.  If, however, you are accessing it after trusting his/her fake certificate, then yes, they could watch it come through, and then pass it on to the real bugzilla.

> Funny thing is, the person who is doing this would live near me right? Their
> wireless internet has to be close enough for me to connect to right? If so, I
> have already narrowed it down to who it may be.

Exactly - wireless can sometimes be picked up almost a mile away, but for practical purposes, it's likely someone quite nearby.  It also suggests that this person might be intercepting other people's traffic as well.  Many web browsers are not quite as persistent with their warnings as Firefox 3, so they may have been totally ignored. If you have friends or roommates who might be falling into the same trap, please let them know what's happening.
Comment 19 Nelson Bolyard (seldom reads bugmail) 2008-10-19 10:36:10 PDT
Kayla,
The fact that "nothing is out of the ordinary" on the sites you visit means
that the attacker has not YET tried to use any information he has gathered
about you to make changes to your accounts.  It is not evidence that he has
not gathered your sensitive information.  The attacker might wait until the 
end of the semester (Christmas break) to take advantage of that info.

I recommend that you take the following steps immediately, as soon as is 
practical for you to do so:
1. get rid of the "exceptions" you created for the attacker's phony certs,
and get rid of the phony certs themselves, and do not thereafter create any
new cert exceptions for bad certs.  This can be done by either (a) creating
a new profile or (b) ridding your existing profile of the files that 
contain the attacker's certs and exceptions. (instructions below).
2. Get a new internet service, one that does not depend on the attacker's
wireless service.

When you have done those 2 steps, you should again be able to connect to 
your bank, and your social web sites, and your university web sites,
your webmail service, etc., without being eavesdropped.  Then, 
3. Change your passwords on *all* the sites for which you had created 
exceptions.

You've written that you haven't been able to create a new profile.  Here 
are some steps you can take to rid your old profile of the bad stuff.  
First, if you haven't already done so, you will have to configure Windows
to allow you to see its "hidden" directories (folders).  

To do that, open a Windows Explorer window ("Exploring My Computer"), 
[to do that, right click on "My Computer" and click on "Explore" in the 
menu that pops up], select Tools->Folder Options, then select the View tab.  
In the "Advanced Settings" box in that dialog, put check marks in the box for 
   [x] Display the contents of system folders
Remove the check mark from the box that says
   [ ] Hide extensions for known file types
and click the "radio button" for 
   (.) Show hidden files and folders
which is udner "Hidden files and folders".
Then click OK.

Now find your profile directory.  One way to do this is to open Windows 
Explorer again, then in the left pane, go into your C: drive (click the [+]
by the C drive icon, to expand it) and click on "Documents and Settings".
then right click there and select "Search...".  Search for the file cert8.db.
(You may find more than one.  The newest one is probably the one you want.)
Click on that file, and then right click on it and in the menu that appears
select "Open Containing Folder".  A Window will appear showing the profile
folder.  

Very important: before proceeding, at this point, you must exit your browser
and make sure it is gone.  Do not make changes in the profile folder while 
the browser is running.  You may need to print off these instructions before
proceeding.

When your browser is not running, move the following files out of it.  
You can move them onto your "desktop", or into "My documents", or some 
other folder that you create, but you should not destroy them (not yet).
Move the files cert8.db and cert_override.txt, and also move the directory 
cert8.dir (if you have one), to your desktop or to another folder such as
"My Documents".

Then restart your browser.  Now, all the exceptions are gone, and all the
bad old certs are gone.  But don't start to change passwords until you've
made sure you're not using the bad WiFi access point any more.  From this
point on, you should be VERY wary of any site for which FF3 reports an 
invalid certificate to you, and not create exceptions for them.

Then, I ask you to do one more thing.  Please email to me those two files,
cert8.db and cert_override.txt.  From those files, I will be able to 
give you a list of all the servers for which you had created exceptions,
and I will be able to study the attacker's certs in greater detail than 
from the screen shots you provided (which I cannot decode).
Comment 20 Darren Hobbs 2008-11-04 01:35:17 PST
Created attachment 346230 [details]
Possible improvement to error message

There's been a lot of discussion about how to improve the situation with regard to MITM attacks and what FF should do. I think the existing, somewhat generic, warning message could be made clearer. It should be a fairly simple change text-wise, perhaps a bit more work to un-generify the security alerts from other types of error.

I've bodged together a minor alteration that attempts to be a bit more explanatory than the existing message. I know its not a real self-signed cert warning, I just needed to generate an error so I could modify it. I'm not a HCI expert, I'm sure one could do a much better job than me.
Comment 21 Eddy Nigg (StartCom) 2008-11-04 01:51:09 PST
Darren, some other work has been done in this field, see https://bugzilla.mozilla.org/attachment.cgi?id=344926
Comment 22 Johnathan Nightingale [:johnath] 2008-11-04 07:35:05 PST
Darren - first off, thanks for the effort here, but yeah, as Eddy points out, bug 431826 has done work very much like what you describe, and that has since landed for Firefox 3.1
Comment 23 Paul Rubin 2008-12-23 05:45:54 PST
I don't think there is anything wrong with that certificate from comment #5.  I just connected to https://www.paypal.com and got the exact same certificate and no errors from FF 3.0.5.  Note that it is an SGC certificate which means that it is signed by an intermediate certificate with a special OID that is chained to the regular Verisign root.  I wonder if something has happened to the OP's browser config that has stopped the chained cert from being recognized.  That is a fairly common failure point of less well developed TLS stacks, though Netscape got it right way back in the early days.  I suppose it's possible something broke.
Comment 25 Paul Rubin 2008-12-23 06:47:51 PST
No wait, if I'm reading the thread right, comment #5 is the correct Paypal certificate supplied by Jonathan, and comment #4 is extracted from Kayla's screen shot.  The serial number in it doesn't look like a Verisign serial number (theirs are always 128 bits long), is it possible to see the issuer certs from the details page?  Anyway, yes, the cert from comment #4 is very suspicious.  I'm not on the dev-tech-crypto list but I hope the matter is being pursued offline, including with law enforcement if appropriate.
Comment 26 Kayla 2008-12-24 01:13:55 PST
(In reply to comment #25)
> No wait, if I'm reading the thread right, comment #5 is the correct Paypal
> certificate supplied by Jonathan, and comment #4 is extracted from Kayla's
> screen shot.  The serial number in it doesn't look like a Verisign serial
> number (theirs are always 128 bits long), is it possible to see the issuer
> certs from the details page?  Anyway, yes, the cert from comment #4 is very
> suspicious.  I'm not on the dev-tech-crypto list but I hope the matter is being
> pursued offline, including with law enforcement if appropriate.

Does anyone think I should go to the law enforcement? I just thought I kinda sorta was in the wrong by using the internet without asking. BUT they are putting it out there for anyone to use by unlocking it. I guess they are fishing in a way....Still nothing out of the ordinary. I had to reformat my computer AGAIN because I got a bug. I'm beginning to think it is from the person's internet I am using. Is that possible???

Thanks for everyone's help in the matter
Comment 27 Jamie 2008-12-25 23:23:21 PST
I'd be cautious about notifying the police that you have been using someone else's wifi without permission, as there are potential legal consequences (it seems).
http://news.cnet.com/8301-10784_3-9722006-7.html
J

Note You need to log in before you can comment on or make changes to this bug.