Hackers acquire Google certificate, could hijack Gmail accounts

Discussion in 'other security issues & news' started by ronjor, Aug 29, 2011.

Thread Status:
Not open for further replies.
  1. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,617
    Perhaps my more current information will be of help to you.

     
  2. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    The far quicker evolution and growth rate of technology makes XP ~100 years old.
     
  3. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,294
    Location:
    USA
    Noticed Firefox 6.0.1 was released; hopefully it fixes this.
     
  4. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,660
    There could be more false certificates from Diginotar, said Vasco to Dutch site WebWereld:
    http://webwereld.nl/nieuws/107764/diginotar--mogelijk-nog-valse-certificaten-in-omloop.html

    It is not yet clear, and is being looked at.
    That article is well worth reading. There is more happening, it seems.

    A site of Diginotar seems to be running the old IIS 6.0, according to Webwereld.

    See also:
    https://bugzilla.mozilla.org/show_bug.cgi?id=682956
    quoting Gervase Markham
    See also Dutch site:
    http://tweakers.net/nieuws/76475/firefox-vertrouwt-digid-toch-na-verzoek-nederlandse-overheid.html

    Sorry, no further time at the moment.
     
    Last edited: Aug 31, 2011
  5. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    164,232
    Location:
    Texas
    http://www.h-online.com/security/ne...ent-Google-certificate-available-1333898.html
     
  6. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,660
  7. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,660
    Earlier today I already pointed to this Dutch site:
    http://tweakers.net/nieuws/76475/firefox-vertrouwt-digid-toch-na-verzoek-nederlandse-overheid.html

    What it says, among a lot of other things, is that Mozilla did not un-trust all certificates of DigiNotar: the one(s) for the Dutch DigiD are still trusted.
    Tweakers.net has looked at the source code of the new Firefox. Although the site is in Dutch, they post there the part of the source code (in English) where you can clearly read the comment "By request of the Dutch government". See the English text there in green.
    I guess that the discussion about that and its consequences has not yet ended..... And didn't Microsoft un-trust ALL DigiNotar certificates?
     
  8. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,660
    Threatpost, Kaspersky Lab’s Security News Service:
    "Dutch Government Scrambling To Reassure Citizens About Security Of Digital ID System"
    https://threatpost.com/en_us/blogs/...izens-about-security-digital-id-system-083011

    With Roel Schouwenberg (fellow Dutchman and Senior Anti-Virus Researcher at Kaspersky Lab; he is also member here at Wilders) commenting:

    Read more at above link.
     
  9. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,660
  10. box750

    box750 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    261
  11. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,660
    Re: Hackers may have stolen over 200 SSL certificates

    Good to see Roel Schouwenberg posting too about it at:
    https://www.securelist.com/en/blog/208193107/More_on_DigiNotar
     
    Last edited: Sep 1, 2011
  12. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    Minus 70 years and I can agree :thumb: Though it makes no sense buying a new OS that won't be able to run on the Hardware :shifty:
     
  13. fsr

    fsr Registered Member

    Joined:
    Jul 26, 2010
    Posts:
    190
  14. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    24,121
    Location:
    UK
    If I open Internet Options in the Control Panel, then select the Content tab and press the Certificates button, I see that under Trusted Root Certification Authorities there is listed DigiNotar Root CA.

    Is it okay to leave it there now?
     
  15. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,660
    Hi stapp,

    To be honest, I don't know :oops:
    I had decided to wait for the MS patch for XP (still waiting....).
     
  16. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,660
    Thanks to a posting at DSLR from therube:

    Mozilla will be releasing (again, shortly) updates to Firefox for Desktop, Thunderbird and SeaMonkey.

    Bug 683449 - DigiNotar patch erroneously blocks one of the two Staat der Nederlanden roots

    Quoting Gervase Markham:

     
  17. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,660
    In the meantime the Dutch news site NU.nl is telling that the certs for Dutch government sites might also not be trusted anymore.
    http://www.nu.nl/internet/2604862/zoek-gevaren-dreigende-uitval-it-uit.html

    As far as I know at the moment that has not yet been confirmed.
    But it is clear that the Dutch government has to take steps, and quickly so.
    There is so much not being told in public :thumbd: :thumbd:
    And we're still waiting for the second audit.
     
  18. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    164,232
    Location:
    Texas
    https://www.microsoft.com/technet/security/advisory/2607712.mspx
     
  19. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
  20. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,660
  21. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,660
  22. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    164,232
    Location:
    Texas
    SANS.....
     
  23. x942

    x942 Guest

    Well, I have two things to add here:

    1) HM is very right about the MITM attack and how improbable it is for one to be used against you (unless you are in a state like Iran/China/etc.). For a MITM attack to work the attacker MUST be in possession of one of the following:

    1) DNS Server (Unlikely; especially if you have changed it to something like Google, Comodo, OpenDNS, Norton DNS, etc.)

    2) Your ISP - Even more unlikely; any ISP would be literally sued to death if they did this on their own, and the likelihood of an attacker breaking into one is even more unlikely and rather a waste of time.

    3) Your router - If it is secured (WPA(2)/ No WAN access to change settings/UPnP off) this won't be an issue. If not, an attacker (like HM said) can just use SSLStrip or load your computer (through malware) with his own cert and use that to trick you into thinking it's Google. If an attacker is on your (W)LAN he can also use DNS poisoning or ARP poisoning to redirect your traffic through him. This means you think he is the router and the router thinks he is you. Now he can make any site redirect to any other site (even LocalHost on his machine) and do as he pleases. No need for a forged cert here.

    4) Your Computer:

    This is two-fold -

    A) Malware infects your computer or physical access lets him plant fake (his own CA) certs and your browser accepts them as good. Remember anyone can become a CA; it's just whether you trust them or not. Adding trust is easy with access via malware or physical access. He could also in this case just plant a keylogger.

    B) Fake WiFi Access Point - Easy to launch, and easy to use. Windows, Mac, and Linux (unless configured not to) will connect to any access point as long as the SSID is remembered. This means if your AP is "home" and an attacker broadcasts one as "home", by default the BSSID is ignored and the computer will connect to the closest one. Game over here. This is even easier if the attacker is using a Jasager WiFi Router. This special firmware allows the router to respond to any and ALL broadcasts and tricks the computer into thinking it is the AP it is looking for.


    While these certs are a threat. They really only apply in Iran and countries of the like. No government "threat" and no problem. I would still delete these CA's as a precaution though.

    ---------------- /Rant

    The second thing is a question:

    How can I force Ff to remove Certs/CA's? They come back after you distrust them!
     
  24. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Haven't Firefox, Chrome, and MS removed it already?
     
  25. x942

    x942 Guest

    Yes, but there are a few others like "The republic of China" and Hong Kong Post that I don't trust either :D

    EDIT:

    Also I recommend Perspectives and Certificate Patrol for Ff users as an extra layer of protection. Both will tell you if the Cert has been seen or has changed recently and allow you to compare them.
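
Added example (not part of the thread, and not code from either add-on): a minimal sketch of the local "have I seen this certificate before, and did it change?" comparison that the post above describes. The class name, the host name, the two warning heuristics (issuer change, replacement long before the old certificate expires) and the 30-day window are assumptions made for illustration; Perspectives' network notary lookups are not modelled.

```python
import hashlib
from datetime import datetime, timedelta

class CertWatch:
    """Remember the first certificate seen per host and judge later changes."""

    def __init__(self, renew_window_days=30):
        self.seen = {}  # host -> (fingerprint, issuer, not_after)
        self.renew_window = timedelta(days=renew_window_days)

    def check(self, host, der, issuer, not_after, now):
        """Return (verdict, reasons) for the certificate a host just presented."""
        fp = hashlib.sha256(der).hexdigest()
        prev = self.seen.get(host)
        if prev is None:
            self.seen[host] = (fp, issuer, not_after)
            return "first-seen", []
        old_fp, old_issuer, old_not_after = prev
        if fp == old_fp:
            return "unchanged", []
        reasons = []
        if issuer != old_issuer:
            reasons.append(f"issuer changed: {old_issuer!r} -> {issuer!r}")
        if old_not_after - now > self.renew_window:
            reasons.append("previous certificate was not close to expiry")
        if reasons:
            # Keep the old record: the user has to accept the change explicitly.
            return "suspicious-change", reasons
        self.seen[host] = (fp, issuer, not_after)
        return "expected-renewal", []


def demo():
    # Constructed sample data: byte strings stand in for DER-encoded certificates.
    t0 = datetime(2011, 8, 1)
    day = timedelta(days=1)
    watch = CertWatch()
    host = "mail.example.test"
    results = [
        watch.check(host, b"cert-A", "Example CA One", t0 + 300 * day, t0),
        watch.check(host, b"cert-A", "Example CA One", t0 + 300 * day, t0 + 5 * day),
        # Different certificate from a different issuer, 290 days before expiry.
        watch.check(host, b"cert-B", "Example CA Two", t0 + 400 * day, t0 + 10 * day),
        # Same issuer, replacement 10 days before the old certificate expires.
        watch.check(host, b"cert-C", "Example CA One", t0 + 650 * day, t0 + 290 * day),
    ]
    return [verdict for verdict, _ in results]

if __name__ == "__main__":
    print(demo())
```

A fraudulently issued certificate chains to a trusted root and passes normal validation, so the only local signal is the change itself: a new fingerprint from a different issuer while the previous certificate still had months to run.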
     