CERT mailing list archives
Current Activity - Fraudulent SSL Certificates
From: Current Activity <us-cert () us-cert gov>
Date: Wed, 23 Mar 2011 14:38:55 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 US-CERT Current Activity Fraudulent SSL Certificates Original release date: March 23, 2011 at 1:54 pm Last revised: March 23, 2011 at 1:54 pm US-CERT is aware of public reports of the existence of fraudulent SSL certificates. These fraudulent SSL certificates could be used by an attacker to masquerade as a trusted website. Multiple web browser vendors have provided updates to recognize and block these fraudulent SSL certificates. Mozilla has updated Firefox 4.0, 3.6, and 3.5. Additional information can be found in the Mozilla Security Blog. Microsoft has released updates for various platforms in Microsoft Knowledge Base Article 2524375. Additional information can be found in Microsoft Security Advisory 2524375. US-CERT encourages users and administrators to apply any necessary updates to help mitigate the risks. US-CERT will provide additional information as it becomes available. Relevant Url(s): <http://blog.mozilla.com/security/2011/03/22/firefox-blocking-fraudulent-certificates/> <http://www.microsoft.com/technet/security/advisory/2524375.mspx> <http://support.microsoft.com/kb/2524375> ==== This entry is available at http://www.us-cert.gov/current/index.html#fradulent_ssl_certificates -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBTYo+LT6pPKYJORa3AQLlmwf/ejQBMj4CkjPdloCu3OOoRIWG5RPjdJu8 6hu0yyNfrknwIrxIn1MRuMpQU2mRdJfYOXqw8vGsLMpwSUcAhgIwrp435uiMCVXZ cnwzs3Wf1Wt6uOozPWXdcUI41ScR4llpkBDQcmsPe/HKKmpuz2f3G8FXwFJIo/jH 9JrFh7aU+Q9G71lilZom6QG9O4H44oRgAEZ1XKimh9/QUUHxe86dOku5/ZxSG0J+ dzHTBjlhehUSzxSbwVFYU0GAnMXg4QJpOzjxto0IOSIzah66AejHrRGstAV1U3aW 1hypZmC5fHImMFHb2XoJ8OG5rVEjsbar3kTSRdazEH+n5PWizNcqYA== =SnZ0 -----END PGP SIGNATURE-----
Current thread:
- Current Activity - Fraudulent SSL Certificates Current Activity (Mar 23)