Hackers acquire Google certificate, could hijack Gmail accounts

Discussion in 'other security issues & news' started by ronjor, Aug 29, 2011.

Thread Status:
Not open for further replies.
  1. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
  2. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
    Microsoft has just responded in full to the DigiNotar compromise
     
  3. fsr

    fsr Registered Member

    Joined:
    Jul 26, 2010
    Posts:
    190
    Another update from Roel Schouwenberg

    Why Diginotar may turn out more important than Stuxnet - Securelist
    Thanks for the links guys :thumb:
     
  4. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    3,984
    Thanks Siljaline !

    and from that blog:
    SRD blog post titled
    "Protecting yourself from attacks leveraging fraudulent DigiNotar digital certificates."

    http://blogs.technet.com/b/srd/arch...raudulent-diginotar-digital-certificates.aspx

    It describes steps for those on XP and Server 2003 if you don't want to wait for the soon-to-be-available update.
     
  5. fsr

    fsr Registered Member

    Joined:
    Jul 26, 2010
    Posts:
    190
  6. x942

    x942 Guest

    You can use a fake cert, but that would give a warning to the user. SSLStrip tries to be as stealthy as possible, so it just uses a normal http:// session between the client and the attacker. If you had a real cert you could use that and it would be impossible (for average users) to tell it was fake.
     
    Last edited by a moderator: Sep 5, 2011
  7. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    3,984
    TrendMicro blog:
    Sep 5 Diginotar: Iranians – The Real Target
    http://blog.trendmicro.com/diginotar-iranians-the-real-target

    Read more at that link.
     
  8. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    3,984
    Several Dutch news sites and TV news are telling mad stories about the security at DigiNotar.
    Webwereld and NU.nl are saying someone from the Dutch Government let them see the report of the audit by Fox IT.

    No AV
    Very weak passwords (also for admins)
    Intrusion Prevention System not working well
    and lots more...... :thumbd:

    It also seems that for The Netherlands the MS update for the certs will come at a later time than expected, at the request of the Dutch government. The Dutch government says it needs more time :ouch: :ouch: :ouch:
    Well well Dutch government, besides the hackers in the first place and then DigiNotar, it is also you who is to blame; you should have been in control of such an important part of your organisation and done it right :ouch:
     
    Last edited: Sep 5, 2011
  9. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,653
    Location:
    Outer space
    Lol, they're still failing, delaying the coming Windows patch round because they apparently are unable to get proper certificates in time..
    -http://tweakers.net/nieuws/76587/overheid-dwingt-bij-microsoft-vertraagde-windows-update-af.html-
     
  10. John Bull

    John Bull Registered Member

    Joined:
    Nov 22, 2009
    Posts:
    904
    Location:
    London UK
    Serious development and this thread serves it well.

    Gmail accounts hacked? Well hackers, enjoy yourselves with mine, there is nothing worth a fig on it. Not even my real name. So have a ball and if you hack it around too much, I'll simply stick to OE or Mozilla Thunderbird.

    No doubt it will not last long. The Google wizards will without a shadow of doubt put the stoppers on it in no time at all. In view of their miraculous achievements, they can turn stone into gold. I am sure they can turn hackers into crackers.

    John
     
  11. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    3,984
  12. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    3,984
    The (public part) report of the second audit, done by Fox-IT, is out in the open and in English. It's a pdf document.
    One of the places where it can be found:
    hxxp://tweakimg.net/files/upload/Operation+Black+Tulip+v1.0.pdf
    (replace hxxp with the obvious one)
     
    Last edited: Sep 5, 2011
  13. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
  14. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,750
    Location:
    EU
    Interesting read (Dutch only, sorry) about the 21-year-old hacker, site and tweets posted here 30 minutes ago:

    security.nl

    Gerard
     
  15. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,750
    Location:
    EU
    Translation:

    A 21-year-old Iranian student who previously hacked SSL publisher Comodo is also behind the attack on the Dutch DigiNotar. This idea was already suggested on Sunday, and it now seems to be confirmed. At the end of March the Comodo hacker said in an interview that he is studying software engineering and is mainly interested in cryptography.

    Through the website Pastebin.com he claimed responsibility for the attack. The Comodo hacker's Pastebin.com account remained quiet for a long time until last night, when the attacker again claimed responsibility for cracking a Certificate Authority.

    "I've told everyone that I can do it again. I have told all the interviews that I still have access to Comodo resellers, I've been telling everybody I have access to most Certificate Authorities, you see these words?" The hacker himself describes his work as the most sophisticated hack of the year.

    Iranian government
    As proof that he really infiltrated DigiNotar, he reports the domain administrator password of the CA network, namely Pr0d @ dm1n. "DigiNotar could confirm whether this is correct or not," said Mikko Hypponen of the Finnish F-Secure. The attacker further states that he still has access to four major Certificate Authorities.

    Earlier the Comodo hacker already made it known that he has no political motives or is affiliated to the Iranian government. He would be the opposition in the country and will do anything to disturb order to expose them.
     
  16. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    3,984
    From the Dutch Microsoft site

    http://www.microsoft.com/netherlands/nieuws/nieuwsbericht.aspx?id=418

    Full quote in Dutch:

    It says that worldwide there will be an automatic update to distrust the Diginotar certs. At the request of the Dutch government it will not be an automatic update for The Netherlands. However, users can install the update manually. Tonight step-by-step instructions will be placed on the Dutch MS site.

    The Dutch site Webwereld says the update comes tonight. And again it will not be for XP and Server 2003.

    By all means, if you have a confirmation from the English MS site, please post it.
     
  17. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    3,984
    The MS blog "More on Microsoft’s response to the DigiNotar compromise" was updated yesterday (5 Sept 2011):

    http://blogs.technet.com/b/msrc/arc...t-s-response-to-the-diginotar-compromise.aspx

     
    Last edited: Sep 6, 2011
  18. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
    Claimed DigiNotar hacker: I have access to four more CAs

    Iranian 'Comodohacker' says he can still issue bogus certs

    More at Link
     
  19. fsr

    fsr Registered Member

    Joined:
    Jul 26, 2010
    Posts:
    190
    Microsoft updates Security Advisory 2607712
     
  20. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    If literally every cert from them is blacklisted, how can he have some that are still valid?
     
  21. fsr

    fsr Registered Member

    Joined:
    Jul 26, 2010
    Posts:
    190
    To put this simply and briefly, you don't have all the facts just yet. The Diginotar audit is ongoing, but probably more audits of other CAs are going to be needed since the hacker clearly mentions them in the Pastebin note. Vasco, btw, has issued a Statement claiming they were not affected.
     
  22. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    3,984
  23. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    3,984
  24. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Are these updates installed silently, or does Windows Update appear?
     
  25. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,750
    Location:
    EU
    A restart is needed. (XP)

    Gerard
     