
Diginotar Responds To Rogue Certificate Problem

An anonymous reader writes "Vasco, the owner of the DigiNotar CA implicated in the MITM attacks on Iranian Google users has responded to their fraudulently issued certificate problems. The press release reads: 'On July 19th 2011, DigiNotar detected an intrusion into its Certificate Authority (CA) infrastructure, which resulted in the fraudulent issuance of public key certificate requests for a number of domains, including Google.com. Once it detected the intrusion, DigiNotar has acted in accordance with all relevant rules and procedures. At that time, an external security audit concluded that all fraudulently issued certificates were revoked. Recently, it was discovered that at least one fraudulent certificate had not been revoked at the time. After being notified by Dutch government organization Govcert, DigiNotar took immediate action and revoked the fraudulent certificate'. It is not clear whether the latter certificate is the one used in Iran, or whether other certificates remain at large. I guess removing the root certificate from browsers is the correct response."

  • In Firefox 6 (Score:5, Informative)

    by janeuner ( 815461 ) on Tuesday August 30, 2011 @11:49AM (#37254292)

    1) Options -> Advanced -> Encryption -> View Certificates
    2) In the Certificate Manager window, click the Authorities tab.
    3) Scroll down to DigiNotar.
    4) Delete or Distrust the "DigiNotar Root CA" certificate.

  • Re:In Firefox 6 (Score:4, Informative)

    by janeuner ( 815461 ) on Tuesday August 30, 2011 @11:56AM (#37254428)

    In short, Comodo has issued fraudulent certificates for Google Mail, Yahoo, and a couple other high traffic sites. Gameboy is correct - nuke both of these CAs immediately.

  • Re:Already done (Score:2, Informative)

    by Anonymous Coward on Tuesday August 30, 2011 @12:03PM (#37254528)

    Check their site, they sign their own certificate:

    https://www.diginotar.com/Products/ExtendedValidationSSL/tabid/622/Default.aspx

  • Too late (Score:5, Informative)

    by slasho81 ( 455509 ) on Tuesday August 30, 2011 @12:40PM (#37254974)
    Too little, too late. I already removed DigiNotar from my trusted CA list. You should too. In Firefox: Options > Advanced > Encryption > View Certificates > Authorities tab > Find DigiNotar > Edit Trust.
  • In MacOSX (Score:5, Informative)

    by Jeremy Erwin ( 2054 ) on Tuesday August 30, 2011 @02:03PM (#37256016) Journal

    open /Applications/Utilities/Keychain Access.app
    Click on System Roots
    Scroll down to DigiNotar Root CA
    Click the "i" icon, or select "Get Info CMD-I"
    Expand the "Trust" node
    For the "When using this certificate"
    Select the "Never Trust" option

    If successful, the info window will now say "This certificate is marked as not trusted for all users", and you can browse this site [diginotar.nl] to ensure that the trust is broken.
