Hackers acquire Google certificate, could hijack Gmail accounts

Discussion in 'other security issues & news' started by ronjor, Aug 29, 2011.

Thread Status:
Not open for further replies.
  1. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,638
    I can only say what I did on my Dutch XP-home SP3:
    As soon as I saw the posting from fsr, I went straight ahead, clicked in IE to check for updates, the update was marked as essential, and I installed it; reboot was required.
     
  2. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,638
    :thumb: You beat me, my friend :D :thumb:
     
  3. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,638
    Firefox 6.0.2 and 3.6.22 security updates now available

    by Christian Legnitto on Tuesday, September 6th, 2011 at 9:34 am at:

    https://developer.mozilla.org/devne...-2-and-3-6-22-security-updates-now-available/

     
  4. fsr

    fsr Registered Member

    Joined:
    Jul 26, 2010
    Posts:
    190
    Hacker has just updated Pastebin statuse, more clearance from MS on the way (?)

    & GlobalSign has tweeted that
     
  5. fsr

    fsr Registered Member

    Joined:
    Jul 26, 2010
    Posts:
    190
    GlobalSign suspends issuing Certs during internal investigation
    Link
     
  6. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
    Microsoft Security Advisory (2607712)

    Fraudulent Digital Certificates Could Allow Spoofing

    Published: August 29, 2011 | Updated: September 06, 2011 Version: 3.0

    Executive Summary
     
  7. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,750
    Location:
    EU
  8. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
    It's revision No # 3 issued | revised today.

     
  9. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,750
    Location:
    EU
    Yep, I know september 6th o_O I have it installed
     
  10. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,059
    Location:
    Texas
    There is a Windows Update posted today for the certificate problem.
     
  11. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
    Thanks for this, Ron - I was just made aware elsewhere, reboot required in most cases.

     
  12. fsr

    fsr Registered Member

    Joined:
    Jul 26, 2010
    Posts:
    190
    From the MS Advisory (which I never read :p )
     
    Last edited: Sep 6, 2011
  13. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,638
    SeaMonkey 2.3.3 released:
    http://www.seamonkey-project.org/releases/seamonkey2.3/

    http://www.mozilla.org/security/announce/2011/mfsa2011-35.html

     
  14. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,638
    https://threatpost.com/en_us/blogs/...-mozilla-drops-trust-staat-der-nederland-cert

    Microsoft Revokes Trust in Five DigiNotar Root Certs, Mozilla Drops Trust For Staat der Nederland Certs

    September 6, 2011, 1:37PM


     
    Last edited: Sep 6, 2011
  15. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Got my update, I believe. No reboot needed on Win 7.
     
  16. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,750
    Location:
    EU
    globalsign
     
  17. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,750
    Location:
    EU
    And for those interested the hacker(s) posted a new message on pastebin.

    Gerard
     
  18. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
    GlobalSign warns of concern after Dutch hack

    Full ongoing story at Link
     
  19. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,750
    Location:
    EU
    And he/she/they just spoke again for those interested.

    Gerard
     
  20. fsr

    fsr Registered Member

    Joined:
    Jul 26, 2010
    Posts:
    190
    Two tweets from GlobalSign
    Link
    Link
     
    Last edited by a moderator: Sep 7, 2011
  21. fsr

    fsr Registered Member

    Joined:
    Jul 26, 2010
    Posts:
    190
    A little help from our Dutch friends please, rummors (not confirmed) that Thawte was also hacked

    http://webwereld.nl/nieuws/107852/ssl-gigant-thawte-ook-gehackt--stelt-vng-onterecht.html
    http://translate.google.com/transla...07852/vng--ssl-gigant-thawte-ook-gehackt.html

    Tweet stream here
     
  22. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,638
    In short it comes down to this, according to that Webwereld article:
    The Association of Dutch Municipalities (VNG) wrongly claimed that SSL-giant Thawte was also hacked.
    On Tuesday VNG published a factsheet in which it told that IT admins should replace Thawte certs, because Thawte was hacked. That message is not right, as VNG does admit now (on Wednesday).
    VNG does admit that it made a mistake.
    VNG has published a corrected factsheet.

    edited to add (on Thursday):
    Official statement from Symantec

    Two quotes from the Symantec statement:




    /end of rumour
     
    Last edited: Sep 8, 2011
  23. fsr

    fsr Registered Member

    Joined:
    Jul 26, 2010
    Posts:
    190
    Thank you!:thumb:
     
  24. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,750
    Location:
    EU
    blog trendmicro
     
  25. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.