Browsing Tag: vulnerabilities

Diginotar Keeping Tor Project In The Dark On Fraudulent Certificates

A co-founder of The Tor Project says his organization is being kept in the dark about the status of a dozen fraudulent SSL certificates issued in its name by a compromised root server operated by Diginotar. The bogus certificates could be used to carry out man in the middle attacks, or trick unsuspecting Internet users into downloading a compromised version of the Tor anonymity software.

Read more...

New Versions of Chrome and Firefox Disable DigiNotar Root

Mozilla has released version 6.01 of its Firefox browser, which now removes the compromised DigiNotar root certificate from the list of trusted roots. The move comes just two days after security researchers discovered that the Dutch company had issued a valid wildcard certificate for Google to an unknown third party.

Read more...

Black Hat: SSL and the Future of Authenticity

The inherent problems with the certificate authority infrastructure have been known for a long time, but they’ve become even more obvious with the news of the recent compromise of DigiNotar, which resulted in the issuance of a slew of fraudulent SSL certificates. In this talk from the Black Hat USA conference earlier this month, Moxie Marlinspike discusses the issues with CAs and his suggestion to replace the whole infrastructure.

Read more...

Weaknesses in Webkit Becoming Problematic

Attackers interested in getting the most bang for their buck focus on ubiquitous software. Microsoft’s Office, Adobe’s Acrobat and Oracle’s Java have all become popular platforms exploited by cybercriminals intent on compromising end users’ systems. Another platform has quietly made its way onto many systems and become the focus of security researchers, if not cybercriminals: Webkit.

Read more...