http://www.theregister.co.uk/2011/08/30/fraudulent_google_cert_update/ By Dan Goodin in San Francisco The Register 30th August 2011 A counterfeit credential authenticating Gmail and other sensitive Google services was the result of a network intrusion suffered by DigiNotar, the parent company of the Netherlands-based certificate authority said in a press release that raised disturbing new questions about security on the internet. Tuesday's disclosure by Chicago-based Vasco Data Security came as a growing roster of companies updated their software products to prevent them from trusting certificates issued by DigiNotar. At least one of them cited reports that the fraudulent certificate that came to light on Monday was used to spy on the electronic communications of people in Iran. Vasco said in its statement that a July 19 breach of DigiNotar's certificate authority system resulted in fraudulent secure sockets layer certificates being issued for a “number of domains, including Google.com.” The statement didn't specify the names or number of the additional domains, and representatives from both Vasco and DigiNotar didn't respond to emails seeking those details. An update to Google's Chrome browser suggests the breach may involve as many as 247 bogus certificates. “The attack was targeted solely at DigiNotar's certificate authority infrastructure for issuing SSL and EVSSL certificates,” the statement read. The company has suspended certificate services pending additional security audits by third-party firms. [...] _____________________________________________________________ Register now for the #HITB2011KUL - Asia's premier deep-knowledge network security event now in it's 9th year! http://conference.hitb.org/hitbsecconf2011kul/Received on Wed Aug 31 2011 - 02:30:22 PDT
This archive was generated by hypermail 2.2.0 : Wed Aug 31 2011 - 02:32:44 PDT