[ISN] Burned by DigiNotar, Mozilla tells cert cops to audit security

From: InfoSec News <alerts_at_private>
Date: Fri, 9 Sep 2011 02:59:25 -0500 (CDT)
http://www.theregister.co.uk/2011/09/08/mozilla_certificate_authority_audit/

By Dan Goodin in San Francisco
The Register
8th September 2011

Mozilla has directed all web authentication authorities trusted by its 
software to conduct security audits to ensure they aren't being abused 
to issue counterfeit Secure Sockets Layer (SSL) certificates.

Thursday's note from Kathleen Wilson, who oversees the certificate 
authorities included in the Firefox browser and Thunderbird email 
client, gives all participants eight days to confirm their systems are 
secure from the same type of compromise that recently hit 
Netherlands-based DigiNotar. Hackers penetrated the authority's 
certificate issuance systems and minted at least 531 counterfeit 
credentials, including one for Google.com that was used to spy on 
Iranians accessing their Gmail accounts.

“Mozilla recently removed the DigiNotar root certificate in response to 
their failure to promptly detect, contain, and notify Mozilla of a 
security breach regarding their root and subordinate certificates,” 
Wilson wrote. “If you ever have reason to suspect a security breach or 
mis-issuance has occurred at your CA or elsewhere, please contact 
[Mozilla] immediately.”

DigiNotar's omissions came as a personal affront to Mozilla, since one 
of the domains they imperiled was https://addons.mozilla.org/, home of 
tens of thousands of addons that add powerful capabilities to the 
default versions of Firefox and Thunderbird.

[...]


Received on Fri Sep 09 2011 - 00:59:25 PDT
