Mac OS X and iOS (iPod, iPad, iPhone) users are especially at risk from this hack, as Apple has not issued a patch for it yet. Technically-minded OS X/iOS users should search Google for instructions on how to remove Diginotar as a root authority from their browsers.
Google, Mozilla and Microsoft ban the DigiNotar Certificate Authority in their browsers | ZDNet
Microsoft Security Advisory (2607712): Fraudulent Digital Certificates Could Allow SpoofingWith the DigiNotar saga continuing, it’s time to summarize some of the current events surrounding it.
According to multiple blog posts, Google, Mozilla and Microsoft have already banned the DigiNotar Certificate Authority in their browsers. This preemptive move comes as a direct response to the mess that DigiNotar created by issuing over 200 rogue certificates for legitimate web sites and services — see a complete list of the affected sites and services.
Earlier this week, Google reported of attempted man-in-the-middle attacks executed against Google users, and most recently, TrendMicro offered insights into a large scale spying operation launched against Iranian web users.
Microsoft is aware of active attacks using at least one fraudulent digital certificate issued by DigiNotar, a certification authority present in the Trusted Root Certification Authorities Store. A fraudulent certificate could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against all Web browser users including users of Internet Explorer. While this is not a vulnerability in a Microsoft product, this issue affects all supported releases of Microsoft Windows.Protecting yourself from attacks that leverage fraudulent DigiNotar digital certificates - Security Research & Defense - Site Home - TechNet Blogs
Microsoft is continuing to investigate this issue. Based on preliminary investigation, Microsoft is providing an update for all supported releases of Microsoft Windows that revokes the trust of the following DigiNotar root certificates by placing them into the Microsoft Untrusted Certificate Store
ISC Diary | Microsoft Releases Diginotar Related Patch and AdvisoryLast week, we released Security Advisory 2607712, notifying customers that fraudulent digital certificates had been issued by certificate authority DigiNotar. We’d like to follow up on that notification in this blog post by explaining more about the potential risks and actions you can take to protect yourself from any potential attacks that would leverage those fraudulent certificates.
Microsoft updates Security Advisory 2607712 - MSRC - Site Home - TechNet Blogs
Today we’re updating Security Advisory 2607712,
to announce that based on our investigation, we’ve deemed all DigiNotar
certificates to be untrustworthy and have moved them to the Untrusted
Certificate Store. Additionally, we have extended our support with this
update so all customers using Windows XP, Windows Server 2003, and all
Windows supported third-party applications are protected.Today’s
update, deployed via Automatic Update, applies to all supported
releases of Microsoft Windows, and revokes the trust of the following
DigiNotar root certificates by placing them into the Microsoft Untrusted
Certificate Store:
No comments:
Post a Comment