Mozilla, Tor Project, Yahoo targeted through DigiNotar attack
Posted on 01 September 2011.
Following the admission that the rogue SSL certificate that allowed attackers to impersonate Google was missed by auditors and that several dozen other certificates were created at the same time but were soon revoked, the Internet is abuzz with speculation about what other sites were targeted.


The news that Google has blacklisted 247 additional certificates in the newly released version of its Chrome browser - combined with the fact that VASCO and DigiNotar have still not shared the list of the other rogue certificates - have made the press search for other sources.

And they found one. Hans Van de Looy, founder and chief security consultant of a Dutch security security company says that a source that wished to remain anonymous has shared with him that some 200 rogue certificates were generated following the breach.

Among those were certificates for Mozilla's add-ons site, Yahoo, the Tor Project site, WordPress and Iranian blogging service Balatarin, says the source. And while others have still not confirmed it, Computerworld reports that Mozilla acknowledged that DigiNotar had informed them about the rogue certificate issued for their site in July, and that they had revoked it a couple of days after it was issued.

Other details shared in DigiNotar's press release also make security researchers worry.

Sophos' Chester Wisniewski is concerned about the discrepancy between the date of issue of the certificates (Google's was July 10) and the date of the discovery of the intrusion (July 19). Also, according to him, the issued certificates were revoked in batches through July and August - well after the breach occurred. The attackers had, consequently, plenty of time to misuse them.

Kaspersky Lab's Roel Schouwenberg also points out that the CA said that they were not able to track which rogue certificates were generated. "Either DigiNotar performs no logging of the certificates they create or their logs got cleaned out during the attack," he says. That means that, either way, there might be other rogue certificates out there that they don't know about.

But, above all, what they are all greatly concerned about is the fact that DigiNotar kept this intrusion under wraps for so long. "DigiNotar's response to this whole debacle has only made me more worried about how deep this attack may have run," says Schouwenberg."To me, it seems that DigiNotar has not realized certificate authorities need to sell trust above anything else."






Spotlight

The psychology of phishing

Posted on 23 July 2014.  |  Cybercriminals no longer send out thousands of emails at random hoping to get a handful of hits, today they create highly targeted phishing emails which are tailored to suit their recipients.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Thu, Jul 24th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //