Global Security Watch > Microsoft Releases Security Advisory 2607712 - MSRC - Site Home ...

[MSRC] We continue to work with the certificate authority to understand the scope of this issue, and have taken steps to further help protect customers by removing the DigiNotar root certificate from the list of trusted root certificates on Windows. Web sites with certificates issued by DigiNotar will no longer be trusted by Windows Vista and above.

Some related posts from Technorati and Google.

[Naked Security - Sophos] Falsely issued Google SSL certificate in the wild for ... - Naked Security: It remains to be seen whether other browsers will follow in Mozilla's footsteps, but it may be prudent to remove DigiNotar from your trusted certificates until there is further clarification.

[WinCom7] Update: Palemoon Newsletter – DigiNotar CA Certificate Information ...: Internet users in Iran are believed to be at particular risk from the rogue SSL certificate, which is used to digitally “sign” HTTPS connections to any google.com site and was issued by a Dutch company called DigiNotar on 10 July.

[whynotwebworks.com] Microsoft Security Advisory (2607712): Fraudulent Digital ...: Users are only presented this message when the certificate is determined to be invalid, for instance when the user has Certificate Revocation List (CRL) or Online Certificate Status Protocol (OCSP) validation enabled. OCSP validation is enabled by default on Internet Explorer 7 and later versions of Internet Explorer on supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.

[OFW Magazine] Rogue Google web cert prompts Firefox, Chrome security update ...: "Because the extent of the mis-issuance is not clear, we are releasing new versions of Firefox for desktop (3.6.21, 6.0.1, 7, 8, and 9) and mobile (6.0.1, 7, 8, and 9), Thunderbird (3.1.13, and 6.0.1) and SeaMonkey (2.3.2) shortly that will revoke trust in the DigiNotar root and protect users from this attack," it said.

[War & Peace in the Middle East] Rogue web certificate could have been used to attack Iran ...: Users of the latest version of Google’s Chrome browser would have been safe from the attack in the past month because it uses a system called “pinning”, in which it rejects certificates from all but a limited number of companies, which does not include DigiNotar. However, the DigiNotar certificate was issued on 10 July, and the version of Chrome that would reject its certificate did not appear until 10 August, leaving a crucial window during which users have been vulnerable to attack.

[Computer Viruses, Anti Virus Programs, Cleaners, Tools and News] V2R-Clean Computer Virus, Malware | Diginotar Hacked by Black ...: If they did, they could just issue rogue certificates themselves. But since they don't, they need such certificates from a widely trusted CA.

[IT Support London | SupportWizard.net] Faked web certificate could have been used to attack Iran dissidents ...: Users of the latest version of Google’s Chrome browser would have been safe from the attack in the past month because it uses a system called “pinning”, in which it will reject certificates from any but a limited number of companies, which does not include Diginotar. But the Diginotar certificate was issued on 10 July, and the version of Chrome that would reject its certificate did not appear until 10 August, leaving a crucial window during which users would have been vulnerable to attack.

[groovyPost] Security Alert: DigiNotar Issues Fraudulent Google.com Certificate ...: The powers that be have already leapt into action, and the certificate has been added to the certificate revocation list (CRL). This means that if you attempt to browse one of these phony redirected sites, you should be alerted that something is afoot.

[Spyware Removal] Diginotar hacked by Black.Spook and Iranian Hackers: But since they don't, they need such certificates from a widely trusted CA. Like Diginotar. How was Diginotar breached? We don't know yet. ... Diginotar hacked by Black.Spook and Iranian Hackers. by F-Secure Antivirus Research Weblog. Diginotar is a Dutch Certificate Authority. They sell SSL certificates. Somehow, someone managed to get a rogue SSL certificate from them on July 10th, 2011. This certificate was issued for domain name *.google.com. ...

[The Beach Computers Web Hosting Blog] Root Certificate Authority, Diginotar, Compromised - The Cheap ...

[Geekosaur] Fraudulent Google SSL certificate in the wild for the last five weeks ...: A fraudulent SSL certificate, issued for *.google.com, has been in the wild for the past five weeks. This means that if you’ve been using HTTPS or other SSL-secured communication to talk to Google, then someone with the private key for this certificate could impersonate Google and you would never know the difference (unless you explicitly checked the certificate fingerprint and had a known-good certificate to compare it to, of course).
