<div>This is most unfortunate. </div><div><a href="http://en.wikipedia.org/wiki/DigiNotar">http://en.wikipedia.org/wiki/DigiNotar</a></div><div> </div><div>" July 10, 2011, DigiNotar issued a <a class="mw-redirect" title="Certificate (cryptography)" href="http://en.wikipedia.org/wiki/Certificate_(cryptography)">certificate</a> for <a title="Google" href="http://en.wikipedia.org/wiki/Google">Google</a> to unknown persons in <a title="Iran" href="http://en.wikipedia.org/wiki/Iran">Iran</a> that was used for a <a title="Man-in-the-middle attack" href="http://en.wikipedia.org/wiki/Man-in-the-middle_attack">man-in-the-middle attack</a> against <a class="mw-redirect" title="GMail" href="http://en.wikipedia.org/wiki/GMail">GMail</a>.<sup id="cite_ref-googleonlinesecurity_5-0" class="reference"><a href="http://en.wikipedia.org/wiki/DigiNotar#cite_note-googleonlinesecurity-5"><font size="2"><span>[</span>6<span>]</span></font></a></sup><sup id="cite_ref-6" class="reference"><a href="http://en.wikipedia.org/wiki/DigiNotar#cite_note-6"><font size="2"><span>[</span>7<span>]</span></font></a></sup> On August 28, 2011, problems were observed on multiple <a class="mw-redirect" title="Internet service providers" href="http://en.wikipedia.org/wiki/Internet_service_providers">Internet service providers</a> in Iran.<sup id="cite_ref-7" class="reference"><a href="http://en.wikipedia.org/wiki/DigiNotar#cite_note-7"><font size="2"><span>[</span>8<span>]</span></font></a></sup> The fraudulent certificate was posted on <a title="Pastebin" href="http://en.wikipedia.org/wiki/Pastebin">pastebin</a>.<sup id="cite_ref-8" class="reference"><a href="http://en.wikipedia.org/wiki/DigiNotar#cite_note-8"><font size="2"><span>[</span>9<span>]</span></font></a></sup> According to a news release by Vasco, DigiNotar had detected an intrusion into its certificate authority infrastructure on July 19, 2011.<sup id="cite_ref-9" class="reference"><a href="http://en.wikipedia.org/wiki/DigiNotar#cite_note-9"><font size="2"><span>[</span>10<span>]</span></font></a></sup> DigiNotar did not publicly reveal the security breach at the time."</div>
<div> </div><div><br><br> </div><div class="gmail_quote">On Wed, Sep 7, 2011 at 11:58 AM, Ted <span dir="ltr"><<a href="mailto:ted.leslie@gmail.com">ted.leslie-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org</a>></span> wrote:<br><blockquote style="margin: 0px 0px 0px 0.8ex; padding-left: 1ex; border-left-color: rgb(204, 204, 204); border-left-width: 1px; border-left-style: solid;" class="gmail_quote">
On chrome, you locate the cert. , but Delete is not option, so "Edit", allows you to uncheck what this cert. verifies.<br>
Not sure why chrome doesn't allow one to just delete it.<br>
Thanks for the info. I wonder if this is the first time a root cert got hacked?<br>
<br>
-tl<div><div></div><div class="h5"><br>
<br>
<br>
On 09/07/2011 11:48 AM, D. Hugh Redelmeier wrote:<br>
<blockquote style="margin: 0px 0px 0px 0.8ex; padding-left: 1ex; border-left-color: rgb(204, 204, 204); border-left-width: 1px; border-left-style: solid;" class="gmail_quote">
Much security on the internet is based on a tree of digital certificates.<br>
The roots (note plural) are wired-in to browsers.<br>
<br>
The DigiNotar root certificate has been hacked so it should not be<br>
trusted.<br>
<br>
Browser updates will revoke the DigiNotar certificate.<br>
<br>
If you cannot update your browser, you can revoke DigiNotar's root<br>
certificate by hand. I just did that on my desktop (which is running a<br>
Fedora that is no longer supported).<br>
<br>
In Firefox: Edit: Preferences: Advanced: Encryption: View Certificates:<br>
Scan down for DigiNotar.<br>
Click on the triangle next to it to open it up.<br>
Click on the only cert in it.<br>
Click Delete.<br>
<br>
I think that will do the job. Better would be a Certificate Revocation<br>
List (CRL) entry, but I don't know how to do that.<br>
--<br>
The Toronto Linux Users Group. Meetings: <a href="http://gtalug.org/" target="_blank">http://gtalug.org/</a><br>
TLUG requests: Linux topics, No HTML, wrap text below 80 columns<br>
How to UNSUBSCRIBE: <a href="http://gtalug.org/wiki/Mailing_lists" target="_blank">http://gtalug.org/wiki/<u></u>Mailing_lists</a><br>
</blockquote>
<br>
--<br>
The Toronto Linux Users Group. Meetings: <a href="http://gtalug.org/" target="_blank">http://gtalug.org/</a><br>
TLUG requests: Linux topics, No HTML, wrap text below 80 columns<br>
How to UNSUBSCRIBE: <a href="http://gtalug.org/wiki/Mailing_lists" target="_blank">http://gtalug.org/wiki/<u></u>Mailing_lists</a><br>
</div></div></blockquote></div><br>