September 24, 2016

How Many Certificates Did Hackers Take From DigiNotar?

(LiveHacking.Com) – It looks like the dust isn’t going to settle quickly on the recent security breach at the Dutch Certificate Authority (CA) DigiNotar. A few days ago, DigiNotar’s parent company VASCO Data Security International, Inc. admitted that a security breach in its Certificate Authority (CA) infrastructure allowed the fraudulent issuance of public key certificate requests for a number of domains, including Google.com. It now seems that the actual number is over 200, maybe even more than 250.

Recent changes to Chromium, the open-source project that acts as a base for Google’s Chrome browser, list 247 DigiNotar certificates that are now blacklisted plus two intermediate certificates.

There is a growing sense that DigiNotar haven’t been as upfront about this incident as they could be.

It has now come to light that a certificate was also issued for addons.mozilla.org. “DigiNotar informed us that they issued fraudulent certs for addons.mozilla.org in July, and revoked them within a few days of issue,” Johnathan Nightingale, Mozilla’s director of Firefox development, wrote in a statement. “In the absence of a full account of mis-issued certificates from DigiNotar, the Mozilla team moved quickly to remove DigiNotar from our root program and protect our users.”

Share and Enjoy:
  • Print
  • Digg
  • StumbleUpon
  • del.icio.us
  • Facebook
  • Yahoo! Buzz
  • Twitter
  • Google Bookmarks