December 18, 2018

Search Results for: Diginotar

DigiNotar Officially Bankrupt

(LiveHacking.Com) – The American parent company of the Dutch certificate authority (CA) DigiNotar has announced that DigiNotar is now officially bankrupt. VASCO Data Security International filed DigiNotar’s voluntary bankruptcy in the Haarlem District Court, The Netherlands at the beginning of this week and one day later the CA was officially declared bankrupt. A bankruptcy trustee, under the supervision of a judge, has now taken over the management of DigiNotar and will work to liquidate the company.

The Dutch government stepped in and took over DigiNotar after it was discovered that the company had been hacked and had been used to issue fake SSL certificates for various major sites, including Google, Mozilla, the CIA, MI6 and Mossad.

T. Kendall Hunt, VASCO’s Chairman and CEO said in a statement, “we would like to remind our customers and investors that the incident at DigiNotar has no impact on VASCO’s core authentication technology.”

“We want to emphasize that the bankruptcy filing by DigiNotar, which was primarily a certificate authority, does not involve VASCO’s core two-factor authentication business,” added Jan Valcke, VASCO’s President and COO.

DigiNotar’s failure to be upfront about the security breach was the main reason it lost all credibility. After the breach, weeks went by before it started to inform the various domain name owners about what had happened. In addition, the serial numbers of the issued certificates could not be found in DigiNotar’s records, which led to the conclusion that an unknown number of certificates were issued, probably more than 500.

“We are working to quantify the damages caused by the hacker’s intrusion into DigiNotar’s system and will provide an estimate of the range of losses as soon as possible,” said Cliff Bown, VASCO’s Executive Vice President and CFO.

Adobe Updates Acrobat to Fix Security Problems; Also Revokes Trust in DigiNotar

(LiveHacking.Com) – Adobe has released an update to Acrobat and Acrobat Reader to fix various Critical vulnerabilities. Affected versions are Adobe Reader X (10.1) and Adobe Acrobat X (10.1) and earlier versions for Windows and OS X, and Adobe Reader 9.4.2 and earlier versions for UNIX. These vulnerabilities could cause the application to crash and potentially allow an attacker to take control of the affected system.

The specific problems fixed are:

  • A local privilege-escalation vulnerability (Adobe Reader X (10.x) on Windows only) (CVE-2011-1353).
  • A security bypass vulnerability that could lead to code execution (CVE-2011-2431).
  • A buffer overflow vulnerability in the U3D TIFF Resource that could lead to code execution (CVE-2011-2432).
  • Heap overflows that could lead to code execution (CVE-2011-2433, CVE-2011-2434).
  • A buffer overflow vulnerability that could lead to code execution (CVE-2011-2435).
  • A heap overflow vulnerability in the Adobe image parsing library that could lead to code execution (CVE-2011-2436).
  • Three stack overflow vulnerabilities in the Adobe image parsing library that could lead to code execution (CVE-2011-2438).
  • A memory leakage condition vulnerability that could lead to code execution (CVE-2011-2439).
  • A use-after-free vulnerability that could lead to code execution (CVE-2011-2440).
  • Two stack overflow vulnerabilities in the CoolType.dll library that could lead to code execution (CVE-2011-2441).
  • A logic error vulnerability that could lead to code execution (CVE-2011-2442).

Simultaneously Adobe removed the DigiNotar root certificate from its trust list:

Adobe takes the security and trust of our users very seriously. Based on the nature of the breach, Adobe is now taking the action to remove the DigiNotar Qualified CA from the Adobe Approved Trust List.

This update has been published for Adobe Reader and Acrobat X which include a trust list that Adobe can dynamically manage without requiring a product update/patch. A future product update of Adobe Reader and Acrobat version 9.x will also enable dynamic updates of the AATL.

Patch Tuesday Blocks More DigiNotar Certificates

(LiveHacking.Com) – As anticipated, Microsoft has issued five security bulletins bringing a number of updates to Windows and Office. At the same time it has released a new update (2616676) that blocks six additional DigiNotar root certificates. These new certificates are ones that are cross-signed by Entrust and GTE. They are:

  • DigiNotar Root CA Issued by Entrust (2 certificates)
  • DigiNotar Services 1024 CA Issued by Entrust
  • Diginotar Cyber CA Issued by GTE CyberTrust (3 certificates)

The security bulletins issued are:

  1. MS11-070 Vulnerability in WINS Could Allow Elevation of Privilege
  2. MS11-071 Vulnerability in Windows Components Could Allow Remote Code Execution
  3. MS11-072 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution
  4. MS11-073 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution
  5. MS11-074 Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege

None of the bulletins are rated as Critical but the affected software includes all of Microsoft’s currently supported versions of Windows including XP, Vista, Windows 7 and Windows Server 2003/2008 as well as Office 2003, 2007 and 2010.

MS11-071, 072 and 073 all relate to vulnerabilities that could allow remote code execution if a user opens a specially crafted file. In some cases, for .doc, .rtf and .txt files, the document needs to be located in the same network directory as a specially crafted library file for the exploit to work.

Apple Finally Revokes Trust for DigiNotar – But Only on OS X

(LiveHacking.Com) – Almost a week after Microsoft, Mozilla and Google revoked trust in all the certificates issued by DigiNotar, Apple has finally issued an update for OS X 10.6 and 10.7.

Security Update 2011-005 reads:

Fraudulent certificates were issued by multiple certificate authorities operated by DigiNotar. This issue is addressed by removing DigiNotar from the list of trusted root certificates, from the list of Extended Validation (EV) certificate authorities, and by configuring default system trust settings so that DigiNotar’s certificates, including those issued by other authorities, are not trusted.

However, the update leaves users of PowerPC Macs vulnerable as there is no update for OS X 10.4 and nothing yet for iOS devices including the iPhone, iPod Touch and iPad.

The update is available through Mac OS X’s built-in Software Update or can be manually downloaded (for Lion or Snow Leopard) and installed.

Microsoft Follows Mozilla and Google and Revokes All DigiNotar Certificates

(LiveHacking.Com) – Following in the footsteps of Google and Mozilla, Microsoft has revoked all of DigiNotar’s root certificates and issued a Windows update:

  • DigiNotar Root CA
  • DigiNotar Root CA G2
  • DigiNotar PKIoverheid CA Overheid
  • DigiNotar PKIoverheid CA Organisatie – G2
  • DigiNotar PKIoverheid CA Overheid en Bedrijven

The update is available for all supported versions of Windows (XP, 2003, Vista, 2008, 7 and 2008R2) and increases the number of revoked certificates from two to five.

In a perfect world Microsoft would just rely on its Microsoft Certificate Trust List to validate the trust of a certification authority. However Windows XP and Windows Server 2003 do not use the Microsoft Certificate Trust List and as a result, an update is needed for all editions of Windows XP and Windows Server 2003 to protect customers.

Interestingly, the update also changes IE’s behaviour in that users are no longer just presented with a warning about any certificates issued by DigiNotar, but they are prevented from accessing sites completely.

In order to protect customers more comprehensively against possible man-in-the-middle attacks, Microsoft is releasing an update that takes additional measures to protect customers by completely preventing Internet Explorer users from accessing resources of Web sites that contained certificates signed by the untrusted DigiNotar root certificates. Internet Explorer users who apply this update will be presented with an error message when trying to access a Web site that has been signed by either of the above DigiNotar root certificates. These users will not be able to continue to access the Web site.

Fox-IT Interim Report Into DigiNotar Security Breach Points Finger at Iran

(LiveHacking.Com) – Fox-IT, the Dutch security company hired to investigate the security breach at DigiNotar has released its interim report. The day after it became public knowledge that a rogue *.google.com certificate was presented to a number of Internet users in Iran, Fox-IT was contacted and asked to investigate the breach and report its findings. Fox-IT assembled a team and started the investigation known as “Operation Black Tulip.”

The report has some very interesting findings:

  • The rogue certificate found by Google was issued by the DigiNotar Public CA 2025. The serial number of the certificate was, however, not found in the CA system’s records. This leads to the conclusion that it is unknown how many certificates were issued without any record present.
  • Web browsers perform an Online Certificate Status Protocol (OCSP) check as soon as the browser connects to an SSL protected website through the https-protocol. The serial number of the certificate presented by the website a user visits is sent to the issuing CA OCSP-responder. The OCSP-responder can only answer either with ‘good’, ‘revoked’ or ‘unknown’. If a certificate serial number is presented to the OCSP-responder and no record of this serial is found, the normal OCSP-responder answer would be ‘good’. The OCSP-responder answer ‘revoked’ is only returned when the serial is revoked by the CA. In order to prevent misuse of the unknown issued serials the OCSP-responder of DigiNotar has been set to answer ‘revoked’ when presented any unknown certificate serial it has authority over. This was done on September 1st.
  • The list of domains and the fact that 99% of the users are in Iran suggest that the objective of the hackers is to intercept private communications in Iran.
Does this mean the hacking was state sponsored?
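The OCSP responder behaviour described in the report above, as an added example (not Fox-IT's or DigiNotar's code): a toy responder model showing why a certificate with no issuance record is answered "good" under the normal logic and "revoked" after the September 1st change, plus a check for queried serials that are missing from the CA's records. The class, its field names, the serial numbers and the request log are all constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class OcspResponder:
    """Toy model of a CA's OCSP responder; not DigiNotar's actual software."""
    issued: set = field(default_factory=set)    # serials present in the CA's records
    revoked: set = field(default_factory=set)   # serials the CA has revoked
    unrecorded_is_revoked: bool = False         # True models the September 1st setting

    def status(self, serial: str) -> str:
        if serial in self.revoked:
            return "revoked"
        if serial not in self.issued and self.unrecorded_is_revoked:
            return "revoked"   # no issuance record: refuse to vouch for it
        return "good"          # normal answer means "not revoked", even with no record

    def unrecorded_queries(self, request_log):
        """Serials clients asked about that the CA has no record of issuing."""
        known = self.issued | self.revoked
        return sorted({s for s in request_log if s not in known})


# Constructed sample data (hypothetical serial numbers, not taken from the report).
ISSUED = {"0a01", "0a02", "0a03"}
REVOKED = {"0a03"}
ROGUE = "ff99"  # signed with the CA key but absent from its records
REQUEST_LOG = ["0a01", "ff99", "0a03", "ff99", "0a02"]


def compare_policies(serials):
    """Map each serial to (answer before the change, answer after the change)."""
    before = OcspResponder(ISSUED, REVOKED)
    after = OcspResponder(ISSUED, REVOKED, unrecorded_is_revoked=True)
    return {s: (before.status(s), after.status(s)) for s in serials}


if __name__ == "__main__":
    for serial, (old, new) in compare_policies(["0a01", "0a03", ROGUE]).items():
        print(f"{serial}: before={old:8} after={new}")
    flagged = OcspResponder(ISSUED, REVOKED).unrecorded_queries(REQUEST_LOG)
    print("queried but never recorded:", flagged)
```

Only the unrecorded serial changes its answer between the two policies, which is why the setting neutralises certificates the CA cannot enumerate without affecting legitimately issued ones.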

What are Apple Doing About the DigiNotar Security Breach?

(LiveHacking.Com) – The last few days have seen rapid releases and lots of information published by Microsoft, Google and Mozilla to block the fraudulent certificates issued by DigiNotar. The one significant player who has so far remained eerily silent is Apple. The Safari web browser is not only found on OS X and Windows but it is also used in iOS and can be found on the iPhone, iPod Touch and iPad.

As of Monday morning, Safari and OS X itself have not been patched. There are instructions for doing so on the ps | Enable blog, although the process is non-trivial.

Also all of Apple’s mobile users are being left in the dark. There have been no updates and no information at all about iOS.

What are Apple doing? Too busy working on the iPhone 5????

Google Releases Chrome 13.0.782.220 to Block All Certificates Issued by DigiNotar

(LiveHacking.Com) – Following the revelation that the DigiNotar debacle included certificates for MI6, the CIA and Mossad, Google has updated Chrome to 13.0.782.220 for Windows, Mac and Linux to revoke Chrome’s trust for SSL certificates issued by DigiNotar-controlled intermediate CAs used by the Dutch PKIoverheid program. For more details from Google about the security issues see their Security Blog post about DigiNotar.

Mozilla has also published new information about its decision to revoke its trust in the DigiNotar certificate authority. According to Mozilla the block on DigiNotar is “not a temporary suspension, it is a complete removal from our trusted root program.”

Mozilla list three central reasons for its decision:

1) Failure to notify. DigiNotar detected and revoked some of the fraudulent certificates 6 weeks ago without notifying Mozilla.

2) The scope of the breach remains unknown. While Mozilla were initially informed by Google that a fraudulent *.google.com certificate had been issued, DigiNotar eventually confirmed that more than 200 certificates had been issued against more than 20 different domains. It is now known that the attackers also issued certificates from another of DigiNotar’s intermediate certificates without proper logging. It is therefore impossible for us to know how many fraudulent certificates exist, or which sites are targeted.

3) The attack is not theoretical. Mozilla have received multiple reports of these certificates being used in the wild.

DigiNotar Issued Fake SSL Certificates for CIA, MI6 and Mossad

(LiveHacking.Com) – The aftermath of the security breach at DigiNotar continues to grow. New revelations about the extent of the breach have now come to light. It appears that since DigiNotar is a “root” certificate authority, it can assign authority to intermediaries to sign and validate certificates on its behalf. It now seems that the hackers have signed 186 intermediate certificates that masquerade as well-known certificate authorities like Thawte, Verisign and Equifax.

The expanded list of domains for which fraudulent certificates were issued now includes Facebook, Google, Microsoft, Yahoo!, Tor, Skype, Mossad, CIA, MI6, LogMeIn, Twitter, Mozilla, AOL and WordPress. A complete list can be downloaded from the Tor website.

As a result of the wide scale of this incident Google and Mozilla have now blocked all certificates issued by DigiNotar. According to Mozilla “DigiNotar issues certificates as part of the Dutch government’s PKIoverheid (PKIgovernment) program. These certificates are issued from a different DigiNotar-controlled intermediate, and chain up to the Dutch government CA (Staat der Nederlanden).” The Dutch government has since audited DigiNotar’s performance and removed it from its PKIoverheid role. Therefore all DigiNotar certificates will now be untrusted by Mozilla products.

How Many Certificates Did Hackers Take From DigiNotar?

(LiveHacking.Com) – It looks like the dust isn’t going to settle quickly on the recent security breach at the Dutch Certificate Authority (CA) DigiNotar. A few days ago, DigiNotar’s parent company VASCO Data Security International, Inc. admitted that a security breach in its Certificate Authority (CA) infrastructure allowed the fraudulent issuance of public key certificate requests for a number of domains, including Google.com. It now seems that the actual number is over 200, maybe even more than 250.

Recent changes to Chromium, the open-source project that acts as a base for Google’s Chrome browser, list 247 DigiNotar certificates that are now blacklisted plus two intermediate certificates.

There is a growing sense that DigiNotar haven’t been as upfront about this incident as they could be.

It has now come to light that a certificate was also issued for addons.mozilla.org. “DigiNotar informed us that they issued fraudulent certs for addons.mozilla.org in July, and revoked them within a few days of issue,” Johnathan Nightingale, Mozilla’s director of Firefox development, wrote in a statement. “In the absence of a full account of mis-issued certificates from DigiNotar, the Mozilla team moved quickly to remove DigiNotar from our root program and protect our users.”