May 26, 2020

Fraudulent Digital Certificate in the Wild

(LiveHacking.Com) – It has come to light that at least one fraudulent digital certificate has been issued by DigiNotar, a root certificate authority, for The digital certificate affects the main domain and all the subdomains of and could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against all Web browser users.

The problem for users is that, because the certificate is valid, the web browser will not display a warning message if a user goes to a fake website signed with this certificate.

Microsoft have responded to the news by removing the DigiNotar root certificate from the Microsoft Certificate Trust List. It is likely that others like Apple and Mozilla will also block this certificate in the near future.

This isn’t the first time that a fake certificate for has been issued by a certificate authority. Back in March of this year several false certificates were issued for popular domains, including, when a hacker breached the security at Comodo.

It’s unclear, at this time, how the certificate was obtained, but it is known that DigiNotar has revoked the digital certificate in question.
