Browsing Tag: Privacy

Apple has finally released a fix for the certificate trust issue caused by the attack on DigiNotar, more than a week after the fraudulent certificates were identified and other browser vendors moved to revoke trust in them. However, the company did not update the mobile version of Safari to remove the certificates in iOS.

Already having revoked trust in the root certificates issued by DigiNotar, Mozilla is taking steps to avoid having to repeat that process with any other certificate authority trusted by Firefox, asking all of the CAs involved in the root program to conduct audits of their PKIs and verify that two-factor authentication and other safeguards are in place to protect against the issuance of rogue certificates.

As GlobalSign continues the investigation into the claimed compromise of its CA infrastructure, the attacker who says he breached DigiNotar and Comodo said in another message on Pastebin Wednesday that not only did he hack GlobalSign, but he has the private key used to sign the certificate for the company’s own domain as well as backups of its databases.

GlobalSign, a major certificate authority that was named by the hacker who has claimed credit for the DigiNotar hack as another CA he has compromised, has stopped issuing certificates for the time being while it investigates the claims and determines whether its network has in fact been compromised. It also has hired Fox-IT, the same company that investigated the attack at DigiNotar, to perform the audit of its systems.

The fallout from the DigiNotar compromise continued on Tuesday, as Microsoft said it has now revoked its trust of all five of the certificate authority’s root certificates. The update that makes this change is being pushed out to users on all supported versions of Windows. Mozilla also released new versions of Firefox on Tuesday that revoke trust for all of DigiNotar’s certificates.

A new report on the security of DigiNotar paints an ugly picture of the certificate authority’s safeguards and network infrastructure, showing that the company had all of its CA servers on one Windows domain and likely failed to separate the critical components on its network, making it easy for the attacker to make his way around the network and into the critical CA servers.

The same attacker who claimed to have compromised Comodo in March is now claiming responsibility for the attack on DigiNotar, the Dutch certificate authority that issued fraudulent certificates for several hundred domains in the last few weeks, including Google, Yahoo, Mozilla Add-Ons and several intelligence agencies. In the wake of the widening scandal, the Dutch government has performed an audit of the company’s CA business and browser vendors have revoked trust for the certificates DigiNotar issued for the Dutch government’s PKI.
