September 26, 2016

DigiNotar Admits Security Breach Allowed Fake Google Certificate to be Issued

(LiveHacking.Com) – DigiNotar’s parent company VASCO Data Security International, Inc. has admitted that a security breach in its Certificate Authority (CA) infrastructure allowed the fraudulent issuance of public key certificate requests for a number of domains, including Google.com.

The press release goes on to say that “at that time, an external security audit concluded that all fraudulently issued certificates were revoked. Recently, it was discovered that at least one fraudulent certificate had not been revoked at the time. After being notified by [the] Dutch government organization Govcert, DigiNotar took immediate action and revoked the fraudulent certificate.”

As I noted yesterday, Microsoft has responded to the news by removing the DigiNotar root certificate from the Microsoft Certificate Trust List.

Mozilla has now announced that it is releasing updates for Firefox (3.6.21, 6.0.1, 7, 8 and 9) and Firefox Mobile (6.0.1, 7, 8 and 9), Thunderbird (3.1.13 and 6.0.1) and SeaMonkey (2.3.2), which will also revoke trust in DigiNotar’s root certificate. They have also posted instructions on how to manually delete the DigiNotar Root CA certificate from Firefox.

Google has also released Chrome 13.0.782.218 for Windows, Mac and Linux. This new version contains an updated version of the Adobe Flash Player and has disabled the DigiNotar root certificate.
