[ISN] Hackers steal SSL certificates for CIA, MI6, Mossad

From: InfoSec News <alerts_at_private>
Date: Tue, 6 Sep 2011 03:44:17 -0500 (CDT)
http://www.computerworld.com/s/article/9219727/Hackers_steal_SSL_certificates_for_CIA_MI6_Mossad

By Gregg Keizer
Computerworld
September 4, 2011

The tally of digital certificates stolen from a Dutch company in July 
has exploded to more than 500, including ones for intelligence services 
like the CIA, the U.K.'s MI6 and Israel's Mossad, a Mozilla developer 
said Sunday.

The confirmed count of fraudulently-issued SSL (secure socket layer) 
certificates now stands at 531, said Gervase Markham, a Mozilla 
developer who is part of the team that has been working to modify 
Firefox to blocks all sites signed with the purloined certificates.

Among the affected domains, said Markham, are those for the CIA, MI6, 
Mossad, Microsoft, Yahoo, Skype, Facebook, Twitter and Microsoft's 
Windows Update service.

"Now that someone (presumably from Iran) has obtained a legit HTTPS cert 
for CIA.gov, I wonder if the US gov will pay attention to this mess," 
Christopher Soghoian, a Washington D.C.-based researcher noted for his 
work on online privacy, said in a tweet Saturday.

[...]


_____________________________________________________________
Register now for the #HITB2011KUL - Asia's premier
deep-knowledge network security event now in it's 9th year!
http://conference.hitb.org/hitbsecconf2011kul/
Received on Tue Sep 06 2011 - 01:44:17 PDT

This archive was generated by hypermail 2.2.0 : Tue Sep 06 2011 - 01:45:08 PDT