What seems to be happening with Windows is that Microsoft is making the machine more a slave of their services with each new release. It's as if they're trying to catch up with Chromebooks, which are totally slaved to Google. Especially since Windows 10 is free with ads. Treating the local certificate store as a cache to the main certificate store at Microsoft HQ is consistent with this.
How difficult is it to hijack the link between the local and remote certificate stores? That's a potential attack surface. It's not hard-coded; it's a registry key (Software\Microsoft\SystemCertificates\AuthRoot\AutoUpdate). The default URL is "ctldl.windowsupdate.com".
So what protects that domain from being hijacked via DNS poisoning? It ought to have a valid SSL cert, right? Well, no. Go to "https://ctldl.windowsupdate.com/":
ctldl.windowsupdate.com uses an invalid security certificate.
The certificate is only valid for the following names:
a248.e.akamai.net, *.akamaihd.net, *.akamaihd-staging.net,
*.akamaized.net, *.akamaized-staging.net
(Error code: ssl_error_bad_cert_domain)
Uh oh. Am I missing something, or are root certs downloaded over an unsecured channel?
They are transmitted over an unencrypted channel, but the CTL files themselves (authroot.stl and disallowedcert.stl) are signed by Microsoft so it's fine. Any modification in transit can be detected and presumably will cause them not to be updated.
It would be interesting to try. There's a sequence number in the CTL which could prevent this type of attack, but I don't know if it's actually checked against that which is currently stored.
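The two replies above turn on a distinction worth seeing in code: a signature over the CTL catches any modification in transit, but a signed file that is merely older is still genuine, so only a monotonic sequence-number check stops a replayed old list. The following is an added example, not code from the thread or from Windows. The wire format (JSON body plus a hex tag), the sequence numbers, the entry strings and the key are all constructed; an HMAC stands in for the PKCS#7 signature purely so the block runs with the standard library, and the verifier logic (signature first, then sequence) is what it demonstrates.

```python
import hashlib
import hmac
import json

# Constructed stand-in for the publisher's signing key. The real CTL carries a
# PKCS#7 signature from Microsoft's certificate; an HMAC is used here only so
# the example runs with the standard library. The check is the same shape: a
# tag that only the key holder can produce, verified over the whole body.
PUBLISHER_KEY = b"constructed-example-key-not-a-real-secret"


def sign_ctl(sequence, entries):
    """Build a signed CTL-like blob: JSON body, '|', hex tag (constructed format)."""
    body = json.dumps({"sequence": sequence, "entries": sorted(entries)},
                      separators=(",", ":")).encode()
    tag = hmac.new(PUBLISHER_KEY, body, hashlib.sha256).hexdigest().encode()
    return body + b"|" + tag


class CtlVerifier:
    """Client-side check: signature first, then monotonic sequence number."""

    def __init__(self, stored_sequence, check_sequence=True):
        self.stored_sequence = stored_sequence  # sequence of the currently installed CTL
        self.check_sequence = check_sequence    # False models a client that skips the rollback check

    def verify(self, blob):
        body, sep, tag = blob.rpartition(b"|")
        if not sep:
            return (False, "malformed")
        expected = hmac.new(PUBLISHER_KEY, body, hashlib.sha256).hexdigest().encode()
        # Constant-time compare; any byte changed in transit changes the expected tag.
        if not hmac.compare_digest(tag, expected):
            return (False, "bad signature")
        ctl = json.loads(body)
        # A signed but older CTL is still genuine; only this comparison stops a replay.
        if self.check_sequence and ctl["sequence"] <= self.stored_sequence:
            return (False, "rollback")
        self.stored_sequence = ctl["sequence"]
        return (True, "accepted")


def run_scenarios():
    """Exercise the verifier against a newer, a tampered and a replayed old CTL."""
    # Constructed sample lists; the client currently holds sequence 2.
    newer = sign_ctl(3, ["sha1:aaaa", "sha1:bbbb", "sha1:cccc"])
    old = sign_ctl(1, ["sha1:aaaa"])
    tampered = newer.replace(b"sha1:cccc", b"sha1:dddd", 1)  # one entry altered in transit

    strict = CtlVerifier(stored_sequence=2)
    results = {
        "newer": strict.verify(newer)[1],        # genuine and newer: installed
        "tampered": strict.verify(tampered)[1],  # body changed, tag no longer matches
        "old": strict.verify(old)[1],            # genuine but older: refused as rollback
    }
    # The case the second reply worries about: signature verified, sequence ignored.
    naive = CtlVerifier(stored_sequence=2, check_sequence=False)
    results["old_without_sequence_check"] = naive.verify(old)[1]
    return results


if __name__ == "__main__":
    for scenario, outcome in run_scenarios().items():
        print(f"{scenario}: {outcome}")
```

The last scenario is the point of the exchange: a client that only validates the signature will happily install an older signed list, so the transport being unencrypted matters exactly to the extent that the sequence number is not compared against the stored copy.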