Phishing, "EV" Certificates and Security


Phishing, which has spread so widely around the world and which I have already written about here, causes enormous damage to every organization that provides online services to people, for example PayPal. It seemed that a solution had been found, and that the so-called EV (Extended Validation) certificates, which you can now obtain in Armenia as well, from Apaga Technologies, were supposed to keep us free of phishing. But it turns out that whoever is looking for a way in always finds one. First let me say a little about EV certificates, and then I will briefly present some of their shortcomings.

As I already noted in my article about phishing, people can very often simply be deceived: by sending a single fake letter, they are induced to enter their secret information with their own hands where it should not be entered. It is precisely for this reason that EV certificates were created; they display the information about the real owner of the site so prominently that it is simply impossible not to notice it. Right in the browser's URL bar, on a green background, the name of the site's real owner and certain other details are written. So users who see the green bar in the browser can be sure that they are on a trusted site, for example their bank's site, and can calmly enter details of their account there. In reality the green browser bar is not the only merit of an EV certificate; the data encryption methods have also changed, but for ordinary users the primary thing is the green bar, which differs in appearance and inspires trust.

Taking this crucial circumstance into account, as early as March 2008 PayPal advised all of its users to stay away from the Safari browser, because that browser did not display EV certificates and the green bar was not visible.

All of this is of course very good and trust-inspiring, but as early as March 2009 two security specialists, Alex Sotirov and Mike Zusman, found that the EV certificate, previously considered safe from MitM (Man in the Middle) attacks, is in reality not that safe. More precisely, it is not the certificate itself that is at risk; rather, because of shortcomings still present in many browsers, MitM attacks are in fact possible while the green background in the browser is preserved. They reported this at the CanSecWest conference held in Vancouver in March 2009.

Later I will write about MitM attacks in more detail; for now let me just note that their essence lies in forging the SSL certificate.

As for EV certificates, according to the specialists the main step in their case is also forging an SSL certificate, which is not that hard to do. Then, once the hacker has a forged certificate, he lets the visitor enter the real site, see the browser's green bar and confidently enter his data, and at that very moment he replaces the certificate with his own, which allows him to display JavaScript code or other content on the page. The browser, meanwhile, keeps showing the green bar, unaware that the certificate has changed.

Nevertheless, Sotirov notes that EV certificates have been and still remain the safest option, but as long as browsers have not fixed their shortcomings in how the colored indicator is handled, we cannot be completely sure that the green bar guarantees our security.
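The mid-session certificate swap described above is something a client can notice on its own, independently of what the address bar shows, by remembering the certificate it first saw for a host and comparing every later connection against it. The block below is an added example, not code from the original post: a small trust-on-first-use monitor in Python. `check_live` uses the standard `ssl` module against a real host, while `demo` replays the article's scenario with constructed stand-in byte strings rather than real certificates; the host and organization names in it are hypothetical.

```python
"""Certificate-continuity monitor (added example, not from the original post).

The article's scenario is a certificate replaced mid-session while the browser
keeps its EV indicator.  A client that pins the first certificate it sees for a
host and compares later connections against it detects the swap regardless of
what the UI shows.
"""
import hashlib
import socket
import ssl
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class Observation:
    fingerprint: str   # SHA-256 of the DER-encoded leaf certificate, hex
    organization: str  # subject O; EV/OV certificates carry one, DV ones usually do not


class ContinuityMonitor:
    """Trust-on-first-use store: host -> first certificate observed for it."""

    def __init__(self) -> None:
        self._seen: Dict[str, Observation] = {}

    @staticmethod
    def fingerprint(der: bytes) -> str:
        return hashlib.sha256(der).hexdigest()

    def observe(self, host: str, der: bytes, organization: str = "") -> str:
        """Classify this connection against what was pinned for the host.

        'first-seen' : nothing recorded yet; the certificate is pinned now
        'unchanged'  : same certificate as before
        'downgraded' : different certificate AND the organization field vanished,
                       i.e. the identity the green bar conveyed is gone
        'changed'    : different certificate, organization still present
        """
        fp = self.fingerprint(der)
        prev = self._seen.get(host)
        if prev is None:
            self._seen[host] = Observation(fp, organization)
            return "first-seen"
        if prev.fingerprint == fp:
            return "unchanged"
        if prev.organization and not organization:
            return "downgraded"
        return "changed"


def subject_organization(peercert: dict) -> str:
    """Extract subject O from the nested-tuple form returned by SSLSocket.getpeercert()."""
    for rdn in peercert.get("subject", ()):
        for name, value in rdn:
            if name == "organizationName":
                return value
    return ""


def check_live(monitor: ContinuityMonitor, host: str, port: int = 443, timeout: float = 5.0) -> str:
    """Connect with normal chain validation and feed the leaf certificate to the monitor.
    Network access required; not exercised by the offline demo below."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
            org = subject_organization(tls.getpeercert())
    return monitor.observe(host, der, org)


def demo() -> List[str]:
    """Replay the article's scenario with constructed stand-in blobs (not real certificates)."""
    bank_cert = b"constructed-der:bank-ev-certificate"
    swapped_cert = b"constructed-der:forged-certificate"
    m = ContinuityMonitor()
    return [
        m.observe("bank.example", bank_cert, "Example Bank Inc."),     # first-seen
        m.observe("bank.example", bank_cert, "Example Bank Inc."),     # unchanged
        m.observe("bank.example", swapped_cert, ""),                   # downgraded
        m.observe("bank.example", swapped_cert, "Example Bank Inc."),  # changed
    ]


if __name__ == "__main__":
    for step, verdict in enumerate(demo(), 1):
        print(f"connection {step}: {verdict}")
```

A verdict of `downgraded` or `changed` on a host you are already logged into is exactly the situation the article describes, and it is visible to this check even while the browser's indicator stays green. Pinning on first use does not help if the very first connection is already intercepted, and legitimate certificate rotation will also show as `changed`, so the verdict is a prompt to look, not proof of an attack.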

Perhaps browsers have already fixed these shortcomings, or are preparing to. I will write about this later.

Վարդան Գրիգորյան / blog.grigoryan.biz

2,066 Responses to “Phishing, "EV" Certificates and Security”

  1. suziko says:

    Companies issuing vulnerable certificates

    * RapidSSL
    C=US, O=Equifax Secure Inc., CN=Equifax Secure Global eBusiness CA-1
    * FreeSSL (free temporary certificates offered by RapidSSL)
    C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Network Applications
    * TC TrustCenter AG
    C=DE, ST=Hamburg, L=Hamburg, O=TC TrustCenter for Security in Data Networks GmbH, OU=TC TrustCenter Class 3 CA/emailAddress=certificate@trustcenter.de
    * RSA Data Security
    C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority
    * Thawte
    C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA/emailAddress=premium-server@thawte.com
    * verisign.co.jp
    O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign International Server CA – Class 3, OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign

    What protective measures exist?

    * As a temporary solution, it is recommended to limit as far as possible the number of certification authorities you trust, and to remove the certification authorities listed above from the trusted list.
    * Not all details of the vulnerability have been disclosed, so the likelihood of such an attack is reduced.
    * The certificate that was used to demonstrate the vulnerability has expired.
    * Companies can set up an OCSP server and revoke potentially dangerous certificates. Note that a forged certificate may contain incorrect CRL data, and such a certificate will be problematic to revoke.
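One way to act on the first recommendation in the comment above (trim the trusted CA list and drop the listed issuers) is to match the DNs as OpenSSL prints them against the subjects in a CA bundle. The block below is an added example, not the commenter's code: it parses both the older `/`-separated and the newer `, `-separated one-line DN form, keeps values that themselves contain commas or slashes (such as `RSA Data Security, Inc.` or `www.verisign.com/CPS ...`) intact, and filters a constructed sample bundle whose PEM bodies are placeholders, not real certificates. Subjects of a real bundle can be produced with `openssl x509 -noout -subject -in cert.pem`.

```python
"""Filter a CA bundle by issuer DN (added example, not code from the page).

The bundle at the bottom is constructed and its PEM bodies are placeholders.
"""
import re
from typing import Dict, List, Tuple

DN = List[Tuple[str, str]]

# DNs of the issuers listed in the comment, in OpenSSL one-line form.
BLOCKED_CA_DNS = [
    "C=US, O=Equifax Secure Inc., CN=Equifax Secure Global eBusiness CA-1",
    "C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Network Applications",
    "C=DE, ST=Hamburg, L=Hamburg, O=TC TrustCenter for Security in Data Networks GmbH, OU=TC TrustCenter Class 3 CA/emailAddress=certificate@trustcenter.de",
    "C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority",
    "C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA/emailAddress=premium-server@thawte.com",
    "O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign International Server CA – Class 3, OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign",
]

# Attribute separator: ", " (newer OpenSSL) or "/" (older OpenSSL), but only when an
# attribute type and "=" follow, so commas and slashes inside values are not split on.
_ATTR_SPLIT = re.compile(r"(?:, |/)(?=[A-Za-z]+\s*=)")
_PREFIX = re.compile(r"^(?:subject|issuer)\s*=\s*")


def parse_dn(dn: str) -> DN:
    """Parse an OpenSSL-style one-line DN into an ordered list of (type, value) pairs."""
    body = _PREFIX.sub("", dn.strip())
    pairs: DN = []
    for piece in _ATTR_SPLIT.split(body):
        if not piece.strip():
            continue  # empty piece left by the leading "/" of the old format
        name, _, value = piece.partition("=")
        pairs.append((name.strip(), value.strip()))
    return pairs


def normalize(dn: str) -> Tuple[Tuple[str, str], ...]:
    """Comparison key: attribute types case-insensitive, values exact, order preserved."""
    return tuple((name.lower(), value) for name, value in parse_dn(dn))


def filter_trust_store(bundle: List[Dict[str, str]], blocked: List[str] = BLOCKED_CA_DNS):
    """Split a bundle into (kept, dropped); an entry is dropped when its subject equals a blocked DN."""
    blocked_keys = {normalize(dn) for dn in blocked}
    kept: List[Dict[str, str]] = []
    dropped: List[Dict[str, str]] = []
    for entry in bundle:
        (dropped if normalize(entry["subject"]) in blocked_keys else kept).append(entry)
    return kept, dropped


_PLACEHOLDER_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    "(constructed placeholder, not a real certificate)\n"
    "-----END CERTIFICATE-----"
)

# Constructed sample bundle: two subjects from the comment's list, one in each OpenSSL
# output style, plus one unrelated (hypothetical) root that must survive the filter.
SAMPLE_BUNDLE = [
    {"subject": "subject=C = US, O = RSA Data Security, Inc., OU = Secure Server Certification Authority",
     "pem": _PLACEHOLDER_PEM},
    {"subject": "subject= /C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server CA/emailAddress=premium-server@thawte.com",
     "pem": _PLACEHOLDER_PEM},
    {"subject": "subject=C = XX, O = Example Root CA (constructed), CN = Example Root CA",
     "pem": _PLACEHOLDER_PEM},
]


if __name__ == "__main__":
    kept, dropped = filter_trust_store(SAMPLE_BUNDLE)
    for entry in dropped:
        print("drop:", entry["subject"])
    for entry in kept:
        print("keep:", entry["subject"])
```

The comparison is an exact match on the whole DN rather than a substring search, so a CA whose name merely resembles a listed one is not dropped by accident; on the other hand it will miss a listed issuer whose bundle entry carries an extra or reordered attribute, so any removal should be checked against the certificate's fingerprint as well.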

  2. suziko says:

    Why isn't anything new being added to this site? :)


  21. Gadhafi is dead! :(
    Though we may believe Gadhafi is a “bad guy” as portrayed by the media, in actual fact, he has helped his citizens and many more! Just search for “Qaddafi truth libya nato” (without quotes) in Youtube to learn the truth that the media is hiding from us!


  41. Awesome blog.
    Anyway regarding the Gadhafi comments… I agree. NATO is an evil organization that serves no purpose. “Money” and “Oil” are their main objective.

  43. Dolmetscher says:

    Once I originally commented I clicked the -Notify me when new feedback are added- checkbox and now each time a comment is added I get four emails with the same comment. Is there any means you possibly can take away me from that service? Thanks!
