(LiveHacking.Com) – It looks like the dust isn’t going to settle quickly on the recent security breach at the Dutch Certificate Authority (CA) DigiNotar. A few days ago, DigiNotar’s parent company VASCO Data Security International, Inc. admitted that a security breach in its Certificate Authority (CA) infrastructure allowed the fraudulent issuance of public key certificate requests for a number of domains, including Google.com. It now seems that the actual number is over 200, maybe even more than 250.
Recent changes to Chromium, the open-source project that acts as a base for Google’s Chrome browser, list 247 DigiNotar certificates that are now blacklisted plus two intermediate certificates.
There is a growing sense that DigiNotar haven’t been as upfront about this incident as they could be.
It has now come to light that a certificate was also issued for addons.mozilla.org. “DigiNotar informed us that they issued fraudulent certs for addons.mozilla.org in July, and revoked them within a few days of issue,” Johnathan Nightingale, Mozilla’s director of Firefox development, wrote in a statement. “In the absence of a full account of mis-issued certificates from DigiNotar, the Mozilla team moved quickly to remove DigiNotar from our root program and protect our users.”
