security issue: DigiNotar root certificate hacked
Ansar Mohammed
ansarm-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Wed Sep 7 16:05:36 UTC 2011
This is most unfortunate.
http://en.wikipedia.org/wiki/DigiNotar
" July 10, 2011, DigiNotar issued a
certificate<http://en.wikipedia.org/wiki/Certificate_(cryptography)>for
Google <http://en.wikipedia.org/wiki/Google> to unknown persons in
Iran<http://en.wikipedia.org/wiki/Iran>that was used for a
man-in-the-middle
attack <http://en.wikipedia.org/wiki/Man-in-the-middle_attack> against
GMail<http://en.wikipedia.org/wiki/GMail>
.[6]<http://en.wikipedia.org/wiki/DigiNotar#cite_note-googleonlinesecurity-5>
[7] <http://en.wikipedia.org/wiki/DigiNotar#cite_note-6> On August 28, 2011,
problems were observed on multiple Internet service
providers<http://en.wikipedia.org/wiki/Internet_service_providers>in
Iran.
[8] <http://en.wikipedia.org/wiki/DigiNotar#cite_note-7> The fraudulent
certificate was posted on pastebin <http://en.wikipedia.org/wiki/Pastebin>.[
9] <http://en.wikipedia.org/wiki/DigiNotar#cite_note-8> According to a news
release by Vasco, DigiNotar had detected an intrusion into its certificate
authority infrastructure on July 19,
2011.[10]<http://en.wikipedia.org/wiki/DigiNotar#cite_note-9>DigiNotar
did not publicly reveal the security breach at the time."
On Wed, Sep 7, 2011 at 11:58 AM, Ted <ted.leslie-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org> wrote:
> On chrome, you locate the cert. , but Delete is not option, so "Edit",
> allows you to uncheck what this cert. verifies.
> Not sure why chrome doesn't allow one to just delete it.
> Thanks for the info. I wonder if this is the first time a root cert got
> hacked?
>
> -tl
>
>
>
> On 09/07/2011 11:48 AM, D. Hugh Redelmeier wrote:
>
>> Much security on the internet is based on a tree of digital certificates.
>> The roots (note plural) are wired-in to browsers.
>>
>> The DigiNotar root certificate has been hacked so it should not be
>> trusted.
>>
>> Browser updates will revoke the DigiNotar certificate.
>>
>> If you cannot update your browser, you can revoke DigiNotar's root
>> certificate by hand. I just did that on my desktop (which is running a
>> Fedora that is no longer supported).
>>
>> In Firefox: Edit: Preferences: Advanced: Encryption: View Certificates:
>> Scan down for DigiNotar.
>> Click on the triangle next to it to open it up.
>> Click on the only cert in it.
>> Click Delete.
>>
>> I think that will do the job. Better would be a Certificate Revocation
>> List (CRL) entry, but I don't know how to do that.
>> --
>> The Toronto Linux Users Group. Meetings: http://gtalug.org/
>> TLUG requests: Linux topics, No HTML, wrap text below 80 columns
>> How to UNSUBSCRIBE: http://gtalug.org/wiki/**Mailing_lists<http://gtalug.org/wiki/Mailing_lists>
>>
>
> --
> The Toronto Linux Users Group. Meetings: http://gtalug.org/
> TLUG requests: Linux topics, No HTML, wrap text below 80 columns
> How to UNSUBSCRIBE: http://gtalug.org/wiki/**Mailing_lists<http://gtalug.org/wiki/Mailing_lists>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://gtalug.org/pipermail/legacy/attachments/20110907/d1c8a852/attachment.html>
More information about the Legacy
mailing list