|
DigiNotar is a “root” certificate and it can assign authority to intermediaries to sign and validate certificates on its behalf. According to a Mozilla developer, the tally of digital certificates stolen from a Dutch company in July 2011 has enable hackers to acquire over more than 500 DigiNotar Digital Certificates, including those of Intelligence services such as the CIA, UK's MI6 and Israel's Mossad, as stated on the website of ‘Computer World' .
According to Naked Security- Sophos, the attackers have signed about 186 certificates that could have been intermediate certificates. These certificates masqueraded as well-known certificate authorities like Thawte, Verisign, Comodo and Equifax. Apart from Intelligent services, other list of domains for which fraudulent certificates were issued include those of Microsoft, Yahoo, Skype, Facebook, AOL, WordPress, Mozilla, Twitter and Microsoft's Windows Update Service. The stolen certificates could be used by criminals or governments to conduct “man-in-the-middle” attacks by making users believe that they were at a legitimate website when in fact their communications were being secretly recorded.
Google and Mozilla stated that they would permanently block all the digital certificates issued by DigiNotar and those used by the Dutch Government.
Read More:
http://www.computerworld.com/s/article/9219727/ Source:
Computer World
www.computerworld.com
Naked Security – Sophos
http://nakedsecurity.sophos.com/2011/09/05/ssl-certificate-debacle-includes-cia-mi6-mossad-and-tor/
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
|
