MacResource
Beware fraudulent SSL Certificates??? - Printable Version




Beware fraudulent SSL Certificates??? - Kiva - 09-03-2011

Friend sent me this link:

http://howto.wired.com/wiki/Secure_Your_Mac_Against_Fraudulent_SSL_Certificates

Basically, it talks about an SSL certificate that can be used by hackers to gain access to Gmail (?).

Wired.com wrote:
Dutch SSL certificate authority (CA) Diginotar issued a fraudulent certificate for *google.com in August 2011. This means that hackers can, and have been, impersonating Gmail with a "man in the middle" attack. The certificate is believed to have been issued by Iranian agents after they hacked Diginotar. The exploit may have been used to spy on Iranian citizens' e-mail.

What do you guys think?


Re: Beware fraudulent SSL Certificates??? - GGD - 09-03-2011

Firefox released updates this week to revoke those certificates.

http://www.mozilla.org/en-US/firefox/3.6.21/releasenotes/

What’s New in Firefox 3.6.21

Firefox 3.6.21 fixes the following issues found in previous versions of Firefox 3.6:

* Revoked the root certificate for DigiNotar due to fraudulent SSL certificate issuance (see bug 682927 and the security advisory)

You may also be interested in the Firefox 3.6.20 release notes for a list of changes in the previous version.



Re: Beware fraudulent SSL Certificates??? - Kiva - 09-03-2011

Interesting that the DigiNotar cert was in my keychain. I did the 'fix' anyway...


Re: Beware fraudulent SSL Certificates??? - rjmacs - 09-03-2011

Kiva wrote:
Interesting that the DigiNotar cert was in my keychain. I did the 'fix' anyway...

Scary... Wasn't in mine, phew!