
Author Topic: SKS Keyserver Network Under Attack  (Read 180 times)


Online VinDSL

  • Global Moderator
  • Hero
  • Posts: 5126
  • Karma: 935
  • Peppermint Mod
  • Peppermint version(s): Developmental Builds
SKS Keyserver Network Under Attack
« on: June 30, 2019, 06:55:55 pm »

Quote
Executive Summary
In the last week of June 2019 unknown actors deployed a certificate spamming attack against two high-profile contributors in the OpenPGP community (Robert J. Hansen and Daniel Kahn Gillmor, better known in the community as "rjh" and "dkg"). This attack exploited a defect in the OpenPGP protocol itself in order to "poison" rjh and dkg's OpenPGP certificates. Anyone who attempts to import a poisoned certificate into a vulnerable OpenPGP installation will very likely break their installation in hard-to-debug ways. Poisoned certificates are already on the SKS keyserver network. There is no reason to believe the attacker will stop at just poisoning two certificates. Further, given the ease of the attack and the highly publicized success of the attack, it is prudent to believe other certificates will soon be poisoned.

This attack cannot be mitigated by the SKS keyserver network in any reasonable time period. It is unlikely to be mitigated by the OpenPGP Working Group in any reasonable time period. Future releases of OpenPGP software will likely have some sort of mitigation, but there is no time frame. The best mitigation that can be applied at present is simple: stop retrieving data from the SKS keyserver network.

Extra Credit Reading: https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f
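One defensive check that follows from the advice above, as an added example that is not part of this post or of the rjhansen gist: a small RFC 4880 packet walker that counts the signature packets in a binary key export (as produced by `gpg --export`), so an import wrapper can refuse a certificate carrying tens of thousands of third-party signatures before GnuPG ever processes it. The 1000-signature threshold and the sample packets are assumptions constructed here.

```python
SIGNATURE_TAG = 2  # RFC 4880 packet tag for a signature packet

def iter_packets(data: bytes):
    """Yield (tag, body) for each packet in an RFC 4880 binary stream."""
    i = 0
    while i < len(data):
        first = data[i]
        if not first & 0x80:
            raise ValueError(f"invalid packet header at offset {i}")
        if first & 0x40:  # new-format header: tag in the low 6 bits
            tag, l1 = first & 0x3F, data[i + 1]
            if l1 < 192:
                length, i = l1, i + 2
            elif l1 < 224:
                length, i = ((l1 - 192) << 8) + data[i + 2] + 192, i + 3
            elif l1 == 255:
                length, i = int.from_bytes(data[i + 2:i + 6], "big"), i + 6
            else:  # 224..254 are partial body lengths, not used in key exports
                raise ValueError("partial body lengths are not supported")
        else:  # old-format header: tag in bits 2-5, length type in bits 0-1
            tag, ltype = (first >> 2) & 0x0F, first & 0x03
            if ltype == 3:
                raise ValueError("indeterminate packet length is not supported")
            n = (1, 2, 4)[ltype]
            length = int.from_bytes(data[i + 1:i + 1 + n], "big")
            i += 1 + n
        yield tag, data[i:i + length]
        i += length

def signature_count(data: bytes) -> int:
    """Number of signature packets: self-signatures plus third-party ones."""
    return sum(1 for tag, _ in iter_packets(data) if tag == SIGNATURE_TAG)

def safe_to_import(data: bytes, max_signatures: int = 1000) -> bool:
    """Refuse a certificate whose signature count looks like spamming.
    The 1000 threshold is an assumption; ordinary keys carry a handful."""
    return signature_count(data) <= max_signatures

def encode_packet(tag: int, body: bytes) -> bytes:
    """New-format packet header; used only to construct the sample below."""
    if len(body) < 192:
        return bytes([0xC0 | tag, len(body)]) + body
    return bytes([0xC0 | tag, 0xFF]) + len(body).to_bytes(4, "big") + body

# Constructed sample: public-key packet (tag 6), user ID (tag 13), 5 signatures.
SAMPLE_CERT = (encode_packet(6, b"\x04" + b"\x00" * 10)
               + encode_packet(13, b"alice@example.invalid")
               + encode_packet(2, b"\x04" * 8) * 5)
```

Run it over a real export with `safe_to_import(open("key.gpg", "rb").read())` and only call `gpg --import` when it returns True.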

Offline perknh

  • Trusted User
  • Hero
  • Posts: 3813
  • Karma: 299
  • I'm an egg, nothing more.
  • Peppermint version(s): Peppermint 10
Re: SKS Keyserver Network Under Attack
« Reply #1 on: June 30, 2019, 09:01:46 pm »
This is serious news.  Did you see this, VinDSL?

https://gist.github.com/rjhansen/f716c3ff4a7068b50f2d8896e54e4b7e

Here's something that caught my eye:

Quote
Special criticism goes to the Electronic Frontier Foundation, which paid Micah Lee to publish premade attack tools to exploit these design misfeatures in the keyserver network. Oh, sure, "academic freedom" and "it was about research". I don't know if Micah's trollwot toolkit was used in the most recent attacks. I know that if I was writing an attack tool that's where I'd start from.

Academic freedom should not be construed as permission to publish attack tools against a critical service with known vulnerabilities. Publishing a proof of concept is great and completely within the bounds of acceptable behavior. Publishing attack code is not.

Thanks for nothing, EFF.

--  rjhansen


We're all Peppermint users and that's what matters  ;).  -- AndyInMokum

Online VinDSL
Re: SKS Keyserver Network Under Attack
« Reply #2 on: June 30, 2019, 09:58:59 pm »
Unbelievable, huh? But, true...  ::)