September 6, 2011 | Digital Security

locks

This is a little technical, but it affects your ability to access secure sites without anybody seeing what you’re doing.

DigiNotar, a Dutch provider of SSL certificates, has been hacked, and hacked well and good. The hackers then created rogue SSL certificates, which can be used to impersonate actual, well-known websites, like google.com.

The total number of compromised domains is now an amazing 531 (yes, five hundred thirty-one). That includes Facebook, Yahoo!, Microsoft, Skype, Twitter, Tor, WordPress, the CIA, Mossad, MI6, and others. The Dutch government also said it couldn’t guarantee the security of its own government sites.

What to do about it

There’s something built into the secure certificates system which is supposed to mitigate the harm done in situations like this: certificate revocation. When a certificate authority (an issuer of SSL certificates) finds out that its certs have been compromised, it can issue a revocation notice.

Browsers are supposed to check for such notices before using a certificate. (In Google Chrome, there’s an option “Check for revocations”.) Theoretically, all should be fine, since DigiNotar has revoked the certificate.

But browser distributors have also done some updates of their own so that users of the latest browser versions will get a warning if they try to visit a site signed with a DigiNotar certificate.

So be sure you’re using the latest browser version.

Resources

Slashdot
Net Security
Nine News
Wikipedia has a good overview


If you liked this article

If you liked this article, don’t forget to subscribe for updates!

Subscribe to New Articles by RSS or E-mail

Get updates by RSS (What’s RSS?)

Subscribe by email:

Follow me on Twitter


Top Incoming Search Terms

"leave a reply" site:http://digitivity.org/ browser certificate hacked browser security certicicates hacked browser ssl hacked can ssl be hacked certificate hack certificate hack iphones chrome browser certificate revokation digi certificates hacks digi notar digi notar certificate digi notar certificate hack digi ssl hacked diginotar certificate test your browser diginotar hack how diginotar hack iphone diginotar revocation diginotar revokation diginotar security browse java diginotar ssl hack browser security diginotar ssl iphone digit notar security compromised does chrome browser have certification revocation? google digi hack how to hack browser security iphone diginotar iphone ssl hack iphone ssl hacking java diginotar notar digi notar hack notar hacks plastic surgery pittsburgh security ssl hacked site:digitivity.org/ ssl certificate crack browser ssl hack browser 2011 ssl hack chrome ssl hack google ssl hacks ssl security hacked what is digi notar

Related posts:

  1. Google Releases Skipfish Automatic Website Security Scanning Tool Google released a free website scanning tool called Skipfish. Skipfish...
  2. Google Chrome Browser Third Place Behind Internet Explorer and Firefox A new survey is showing that Google’s Chrome browser is...
  3. TechCrunch Blog Gets Hacked Again & WordPress Security The technology blog, TechCrunch--which runs on WordPress, was hacked for...
  4. How to Play a Quicktime Movie That Isn’t Playing in Your Browser Even though Flash FLV movies have become something of an...
  5. Creating a Database in MySQL with MySQL Query Browser on Ubuntu Linux A handy tool to manipulate MySQL is the MySQL MySQL...

Explore related content: , , , , , ,

Leave a Reply

CommentLuv Enabled