QUOTE
Microsoft flips 'kill switch' on all DigiNotar certificates
Permanently blocks all SSL certificates issued by Dutch company hacked in June
By Gregg Keizer
September 6, 2011 02:37 PM ET
Computerworld - Microsoft today updated Windows to permanently block all digital certificates issued by a Dutch company that was hacked months ago.
The update -- the second for Windows Vista and Windows 7, but the first for the decade-old Windows XP -- moves all DigiNotar SSL (secure socket layer) certificates to Windows' block list, dubbed the Untrusted Certificate Store. Microsoft's Internet Explorer (IE) uses that list to bar the browser from reaching sites secured with dubious certificates.
DigiNotar, a certificate authority (CA) based in the Netherlands, has admitted that its servers were compromised in mid-July. A report made public Monday by a digital forensics firm said that hackers had acquired 531 certificates, including many used by the Dutch government, and that DigiNotar was unaware of the intrusion for approximately a month.
In that forensics report, Fox-IT said that hackers controlled DigiNotar's servers starting June 17, and that during a month-long stretch in July and August, hackers spied on 300,000 Iranians' Gmail accounts.
SSL certificates are used by websites and browsers to identify a site as legitimate; illegally-obtained certificates can be abused to disguise unauthorized domains using "man-in-the-middle" attacks.
The Windows update will be automatically downloaded and installed to machines that have Windows Update's Automatic Update enabled, Microsoft said in a security advisory.
More about this at:
http://www.computerw...ar_certificates
http://www.computerw...tch_firm_admits?
http://www.computerw...gle_certificate
http://www.computerw...gle_certificate
http://www.microsoft...ry/2607712.mspx


