Browser makers block rogue SSL certificate

Tuesday, September 6, 2011


Hackers have acquired a digital certificate from a certificate authority, enabling them to issue fraudulent public key certificate requests to a number of domains, including websites owned by search engine giant Google.

The certificate breach at Dutch certificate authority DigiNotar, a subsidiary of VASCO Data Security International Inc., gave the cybercriminals the ability to use a rogue SSL certificate to hijack Gmail accounts and spoof secure websites that use SSL and EV SSL digital certificates for security and to prove their legitimacy to users. The breach took place July 19. In a statement issued by VASCO, the company said it thought it had revoked all fraudulent certificates.

Recently, it was discovered that at least one fraudulent certificate had not been revoked at the time, the company said. After being notified by Dutch government organization Govcert, DigiNotar took immediate action and revoked the fraudulent certificate.

The attack was targeted at the systems DigiNotar uses to issue its digital certificates. The certificate authority is temporarily suspending the sale of its SSL and EV SSL certificates until the conclusion of additional security audits. VASCO said the systems that run its strong authentication business were not affected by the breach. Details of the stolen certificate were posted to a public forum last Saturday.

On Monday Google responded to the rogue certificate, saying it had disabled the DigiNotar certificate authority in Chrome. The company said the certificate primarily affects people in Iran. Mozilla has also disabled support for the certificate.

"This means Chrome and Firefox users will receive alerts if they try to visit websites that use DigiNotar certificates," wrote Heather Adkins, an information security manager at Google, in the Google Online Security blog. "To help deter unwanted surveillance, we recommend users, especially those in Iran, keep their Web browsers and operating systems up to date and pay attention to Web browser security warnings."

Microsoft issued an advisory Monday, announcing it had removed the DigiNotar root certificate from the list of trusted root certificates for users of Windows Vista and Windows 7.

"The certificate potentially affects Internet users attempting to access websites belonging to Google," wrote Dave Forstrom, director of Microsoft Trustworthy Computing, in the Microsoft Security Response Center blog. "A fraudulent certificate may be used to spoof Web content, perform phishing attacks or perform man-in-the-middle attacks against end users."

Attackers have targeted certificate authorities in the past. In March, hackers stole certificates from Comodo Inc. after they penetrated the systems of one of its partner registration authorities. The breach resulted in nine fraudulent certificates issued to seven Web domains, including search engine giants Google and Yahoo. An Iranian hacker claimed responsibility for stealing the SSL certificates. Comodo said at no time were any Comodo root keys, intermediate CAs or secure hardware compromised.
