A post on Mozilla Firefox's help page shows users how to manually remove DigiNotar certificates
(WEB HOST INDUSTRY REVIEW) — Google (www.google.com) disabled a rogue SSL certificate issued by Dutch root certificate authority DigiNotar (www.diginotar.com) on Monday after it received reports of attempted man-in-the-middle attacks on its Gmail service, according to a blog post.
According to Monday’s blog post, the users affected were primarily located in Iran.
In a man-in-the-middle attack, the attacker tries to get between users and an encrypted service to capture data such as the login details needed to access a Gmail account.
Chrome detected the fraudulent certificate, and will disable the DigiNotar certificates while Google continues to investigate the incident, the blog post says.
Google says DigiNotar “should not issue certificates for Google (and has since revoked it).”
On Tuesday, DigiNotar released a statement indicating that it detected an intrusion into its CA infrastructure on July 19, 2011, which resulted in the fraudulent issuance of certificates for a number of domains, including Google.com.
DigiNotar says it thought all fraudulent certificates were revoked after completing an external security audit. The certificate detected by Google has now been revoked, according to the press release.
Google warned users, especially those in Iran, to exercise caution and update web browsers and operating systems “to help deter unwanted surveillance.”
Mozilla also notified its users on Monday about the rogue certificate, and says it will release new versions of Firefox, Thunderbird and SeaMonkey “shortly that will revoke trust in the DigiNotar root and protect users from this attack.” Mozilla posted instructions for users to manually delete DigiNotar certificates on its help page.
Microsoft announced that it would remove DigiNotar from its Microsoft Certificate Trust List as well.
At the end of May, security research group F-Secure released findings that indicate Google Docs may contain phishing websites.