CERT mailing list archives

Current Activity - Fraudulent DigiNotar SSL Certificate

From: Current Activity <us-cert () us-cert gov>
Date: Fri, 9 Sep 2011 15:03:46 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

US-CERT Current Activity

Fraudulent DigiNotar SSL Certificate

Original release date: August 30, 2011 at 8:40 am
Last revised: September 9, 2011 at 2:15 pm

US-CERT is aware of public reports of the existence of fraudulent SSL
certificates issued by DigiNotar. These fraudulent SSL certificates
could be used by an attacker to masquerade as legitimate sites.

Mozilla has released Firefox 3.6.22 and Firefox 6.0.2 to address this
issue. Additional information can be found in the Mozilla Security
Blog.

Microsoft has removed the DigiNotar root certificates from the
Microsoft Certificate Trust List. This change affects all versions of
Windows Vista, Windows 7, Windows XP, Windows Server 2008, Windows
Server 2008 R2, and Windows Server 2003. Additional information can be
found in Microsoft Security Advisory 2607712.

Google Chrome users are protected from this attack due to Chrome's
built-in certificate pinning feature. Google has also released Chrome
13.0.782.220 for Windows, Mac, Linux, and Chrome Frame to address this
issue. Additional information can be found in the Google Security
Blog and in the Google Chrome Releases blog entry.

Apple has released Security Update 2011-005 for Mac OS X 10.6.8, Mac
OS X Server 10.6.8, OS X Lion 10.7.1, and Lion Server 10.7.1 to
address this issue. Additional information can be found in Apple
article HT4920.

Adobe will be releasing an update to remove the DigiNotar certificate
from the Adobe Approved Trust List. In the meantime, Adobe has
released a blog entry containing a work-around for Adobe Reader and
Acrobat 9, and Adobe Reader and Acrobat X.

US-CERT encourages users and administrators to apply any necessary
updates to help mitigate the risks. US-CERT will provide additional
information as it becomes available.

Relevant Url(s):
<http://www.microsoft.com/technet/security/advisory/2607712.mspx?pubDate=2011-08-29>

<http://blog.mozilla.com/security/2011/08/29/fraudulent-google-com-certificate/>

<http://support.apple.com/kb/HT4920>

<http://googleonlinesecurity.blogspot.com/2011/08/update-on-attempted-man-in-middle.html>

<http://googlechromereleases.blogspot.com/2011/09/stable-channel-update.html>

<http://blogs.adobe.com/psirt/2011/09/update-on-diginotar-and-the-adobe-approved-trust-list-aatl.html>

====
This entry is available at
http://www.us-cert.gov/current/index.html#fraudulent_diginotar_ssl_certificate

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBTmpjCj6pPKYJORa3AQJ33wgAwSnlgjY1eGNp2EVOEnkA3sXV3PaSO2VO
qKiW7UJNkFFcCoQoSPOV1npn/+q+aSRflNj/nCIvYapN4780ivSw5yUBFgQHIyM+
qoWv4G8EcNGmUInwtYBEPF4/Nk9IMH2WjkqbmC98TqcOzrB+K+JWS6NqIGHvOKuQ
XN44v+Yh9OqyHWdePIapSCoLWuDqYG5QBmAxBdlQUHm5uAAxrs+z3+crgEPsxYzO
jiRpUqbQGj6OIddUTpGitTT1ZB6bkqNyDE7u07MVdHnMcGaoy6lk8Tg28dzKNlEh
kubUhOxFA2wy4k0+jRnNo0VUW2PAs29MJRkz+h74hVeFc1d1+/0NCw==
=3dqT
-----END PGP SIGNATURE-----

Current thread:

Current Activity - Fraudulent DigiNotar SSL Certificate Current Activity (Aug 30)
- <Possible follow-ups>
- Current Activity - Fraudulent DigiNotar SSL Certificate Current Activity (Sep 09)