An unknown Rootkit included in Firefox?


posted on Apr, 6 2010 @ 07:26 PM
It may be nothing.

On the other hand, who can say for sure?


April 6th, 2010

Unknown root certificate found in Firefox

Link to reviewer source



Thank you Kathleen Wilson... whoever you are.....

Source



I propose that the "RSA Security 1024 V3" root certificate authority be
removed from NSS.

OU = RSA Security 1024 V3
O = RSA Security Inc
Valid From: 2/22/01
Valid To: 2/22/26
SHA1 Fingerprint:
3C:BB:5D:E0:FC:D6:39:7C:05:88:E5:66:97:BD:46:2A:BD:F9:5C:76

I have not been able to find the current owner of this root. Both RSA
and VeriSign have stated in email that they do not own this root.

Therefore, to my knowledge this root has no current owner and no current
audit, and should be removed from NSS.

I have also filed a bug for this:
bugzilla.mozilla.org...

I am now opening this proposal up to public discussion. Please respond
to this discussion if you have any knowledge of this root that would
help in making this decision.

By the way, to see the complete list of all of the root certificate
authorities that are included in NSS, and who currently owns/operates
them, go to www.mozilla.org... and click on
the "List of all included root certificates" link. This will display the
public and published version of a spreadsheet that I maintain. There is
a column called "Company Website" which indicates the current owner of
each root.

Kathleen



It may seem paranoid... but with Big Media and Government increasingly intertwined, I'd rather not ponder how such a root certificate might be used.


This is a significant security isse [sic] since digital certificates rely on a chain of trust, and the trust anchor for digital certificates is the Root Certificate Authority (CA). Specifically, web browsers use root certificates to verify identities used for secure web connections. However, the users of web browsers have to rely on the browser publisher to make sure that these root certificates are valid. The fact that Firefox contains a root certificate where the current owner is unknown (at this time at any rate) is a little worrying.

Trust no one …


Trust no one.... indeed.

[edit on 6-4-2010 by Maxmars]




posted on Apr, 6 2010 @ 07:48 PM
Wow, have you actually looked at all the Root Certificates in Firefox?

There are a few that I raise a brow at.



posted on Apr, 6 2010 @ 07:52 PM
reply to post by Maxmars
 


This is something to look into, because by them saying that they don't know who owns it and Firefox isn't talking tells me that they do know and aren't allowed to tell (NSA).



posted on Apr, 6 2010 @ 07:56 PM

Originally posted by hoghead cheese
reply to post by Maxmars
 


This is something to look into, because by them saying that they don't know who owns it and Firefox isn't talking tells me that they do know and aren't allowed to tell (NSA).



I didn't want to be the first to say it....



posted on Apr, 6 2010 @ 07:57 PM
UPDATE:

FALSE ALARM:



In the referenced post, Kathleen has just added the following:

>I have received email from official representatives of RSA confirming
>that RSA did indeed create the "RSA Security 1024 V3" root certificate
>that is currently included in NSS (Netscape/Mozilla) and also in Apple's
>root cert store.


talkback.zdnet.com...

OR maybe they were holding a gun to her head !!!!
or maybe they were holding a gun to RSA to claim it !!!!

and confirmed again here

www.theregister.co.uk...

[edit on 6-4-2010 by boondock-saint]



posted on Apr, 6 2010 @ 08:02 PM
Just go into the settings and remove all its trust bits.

Trust no one



posted on Apr, 6 2010 @ 08:15 PM
Well... thank you for making the news instantaneous for me.



posted on Apr, 6 2010 @ 08:19 PM
Fair enough, but why is this one there?

Government Root Certification Authority
Taiwan GRCA Builtin Object Token



posted on Apr, 6 2010 @ 08:28 PM
Frankly, the whole nature of the rootkit's development concerns me.

I understand the reasons it is a valuable 'tool' but that fact also makes it a terrible vulnerability.



posted on Apr, 6 2010 @ 08:40 PM
reply to post by Maxmars
 


I concur, a medical term comes to mind that seems rather associative.

The terms iatrogenesis and iatrogenic artifact refer to inadvertent adverse effects or complications caused by or resulting from medical treatment.

If that makes sense.



posted on Apr, 6 2010 @ 08:45 PM
reply to post by UberL33t
 




From Ancient Greek ἰατρός (iatros), “‘doctor’”) + -genic.
[edit] Adjective

iatrogenic (comparative more iatrogenic, superlative most iatrogenic)

Positive
iatrogenic

Comparative
more iatrogenic

Superlative
most iatrogenic

1. (medicine, of a disease etc.) Induced by the words or actions of the physician.
* 2003, Michael L. Raulin, Abnormal Psychology, Pearson Education, Inc. (2003), p. 494,

Another group argues that the diagnosis is being overused and that many of the diagnosed cases are iatrogenic, or unintentionally shaped or caused by the practitioner (Lilienfeld et al., 1999; Spanos, 1994). (boldface in original)


Most appropriate in form, yes. But I suppose this would call for the creation of a new 'form:'

iatroprogrammatic or progamatigenic

'nes pa?


Ooops - forgot the link

[edit on 6-4-2010 by Maxmars]



posted on Apr, 6 2010 @ 09:02 PM
reply to post by Maxmars
 


Indeed!

2nd (line & the aforementioned)



posted on Apr, 6 2010 @ 09:05 PM

Originally posted by Maxmars
Frankly, the whole nature of the rootkit's development concerns me.

I understand the reasons it is a valuable 'tool' but that fact also makes it a terrible vulnerability.



What is a worst case scenario with this rootkit? What kind of potential threat are we looking at here? Sorry, I'm not very computer savvy.



posted on Apr, 6 2010 @ 10:07 PM
The R button is only 2 buttons away from the N button.



!!!!!



posted on Apr, 6 2010 @ 10:08 PM
reply to post by AzoriaCorp
 


It's not really my specialty, but rootkits or "root certificates" are a means to preempt your operating system's behavior, having a potential to be equivalent to a program or series of commands that runs on your PC in such a way as to be invisible and virtually undetectable to anyone (save hacking experts).

A while back there was a controversy of sorts when several companies started 'inserting' these root kits into user software surreptitiously, the effect was to have your PC "phone home" so to speak with data about the user going to the companies or their associates without consent.

The software industry's solution? Insert text into the user agreement or the software license indemnifying them of responsibility.... but they DID stop the practice.... or so we're told.

If I got this wrong please don't hesitate to correct me... this is just my general impression and not meant to be an authoritative explanation.



posted on Apr, 6 2010 @ 10:26 PM
blog.mozilla.com...

They are removing it. They posted the statement today.



posted on Apr, 6 2010 @ 11:42 PM
Please everyone stop confusing "root kits" with "root certificates". Before going further in this thread we are dealing with "root certificates" and NOT "root kits". If you have a root kit installed, you want to get rid of it as fast as possible. It's more or less a virus, though of a tougher kind.
Rootkit Wiki

Root certificates, on the other hand, are not of as much concern. You need to have a root certificate of the issuing authority installed if your browser is to identify SSL (or other) certificates which have been issued by that authority.
Say you go to websiteA, which has an SSL certificate which was given to them by, let's say, Thawte. Then you need a root certificate for Thawte in order to verify that the certificate that websiteA is showing your browser is actually a valid certificate provided by the said company (Thawte).

Here's a little detail of root certificate en.wikipedia.org...

Yeah I know the links are to Wiki, but I have working knowledge of this stuff and the articles are accurate as of the linking.

There are some issues that can occur with this, but not enough to be alarmed by.


[edit on 6-4-2010 by kaleshchand]
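
Added example (not part of any post in this thread, and not Mozilla's code): a root is identified by the fingerprint of its DER encoding, so a trust store can be checked for the root named in the quoted proposal by hashing each certificate and comparing against the SHA1 value given there. It assumes the store is reachable as a PEM bundle or through Python's default TLS context, which reads the OS/OpenSSL store and not Firefox's built-in NSS list; all function names are illustrative.

```python
import hashlib
import re
import ssl

# SHA-1 fingerprint of "RSA Security 1024 V3" as quoted in the thread.
THREAD_FINGERPRINT = "3C:BB:5D:E0:FC:D6:39:7C:05:88:E5:66:97:BD:46:2A:BD:F9:5C:76"

_PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.DOTALL
)


def normalize_fingerprint(text):
    """Drop colons/spaces and upper-case so pasted fingerprints compare equal."""
    hexdigits = re.sub(r"[^0-9A-Fa-f]", "", text).upper()
    if len(hexdigits) != 40:
        raise ValueError("a SHA-1 fingerprint has exactly 40 hex digits")
    return hexdigits


def sha1_fingerprint(der):
    """A certificate fingerprint is the hash of its DER bytes."""
    return hashlib.sha1(der).hexdigest().upper()


def split_pem_bundle(bundle_text):
    """Return the DER bytes of every certificate in a PEM bundle, in order."""
    return [ssl.PEM_cert_to_DER_cert(m.group(0))
            for m in _PEM_BLOCK.finditer(bundle_text)]


def find_by_fingerprint(der_certs, wanted):
    """Indexes of the certificates whose SHA-1 fingerprint equals `wanted`."""
    target = normalize_fingerprint(wanted)
    return [i for i, der in enumerate(der_certs)
            if sha1_fingerprint(der) == target]


def audit_default_store(wanted=THREAD_FINGERPRINT):
    """Search the trust anchors loaded by Python's default TLS context.

    Certificates that live only in a capath directory are not listed until
    they have been used, so also scan the bundle file for full coverage.
    """
    ctx = ssl.create_default_context()
    return find_by_fingerprint(ctx.get_ca_certs(binary_form=True), wanted)


if __name__ == "__main__":
    hits = audit_default_store()
    print("root present in default store" if hits else "root not found")
```

To scan a bundle file instead, read it as text and pass `split_pem_bundle(text)` to `find_by_fingerprint`.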


