
Fraudulent DigiNotar SSL Certificate

Posted: Tue Aug 30, 2011 10:52 am
by admin

Original release date: August 30, 2011 at 8:40 am
Last revised: August 30, 2011 at 8:40 am


US-CERT is aware of public reports of the existence of at least one
fraudulent SSL certificate issued by DigiNotar. This fraudulent SSL
certificate could be used by an attacker to masquerade as any
subdomain of google.com.

Mozilla will be releasing new versions of Firefox for desktop (3.6.21,
6.0.1, 7, 8, and 9) and mobile (6.0.1, 7, 8, and 9). Additional
information can be found in the Mozilla Security Blog.

Microsoft has removed the DigiNotar root certificate from the
Microsoft Certificate Trust List. This change affects all versions of
Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008
R2. Microsoft will be releasing a future update for Windows XP and
Windows Server 2003 to address this issue. Additional information can
be found in Microsoft Security Advisory 2607712.

US-CERT encourages users and administrators to apply any necessary
updates to help mitigate the risks. US-CERT will provide additional
information as it becomes available.

Relevant URL(s):
<http://www.microsoft.com/technet/security/advisory/2607712.mspx?pubDate=2011-08-29>

<http://blog.mozilla.com/security/2011/08/29/fraudulent-google-com-certificate/>

====
This entry is available at
http://www.us-cert.gov/current/index.ht ... ertificate