As one person on the Register article said maybe it is time to just remove this company's root certificate from all machines. 40 days to find out it had issued this cert?
Jon On Tue, Aug 30, 2011 at 1:46 PM, Kurt Buff <kurt.b...@gmail.com> wrote: > ---------- Forwarded message ---------- > From: Current Activity <us-c...@us-cert.gov> > Date: Tue, Aug 30, 2011 at 06:13 > Subject: US-CERT Current Activity - Fraudulent DigiNotar SSL Certificate > To: Current Activity <current-activ...@us-cert.gov> > > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > US-CERT Current Activity > > Fraudulent DigiNotar SSL Certificate > > Original release date: August 30, 2011 at 8:40 am > Last revised: August 30, 2011 at 8:40 am > > > US-CERT is aware of public reports of the existence of at least one > fraudulent SSL certificate issued by DigiNotar. This fraudulent SSL > certificate could be used by an attacker to masquerade as any > subdomain of google.com. > > Mozilla will be releasing new versions of Firefox for desktop (3.6.21, > 6.0.1, 7, 8, and 9) and mobile (6.0.1, 7, 8, and 9). Additional > information can be found in the Mozilla Security Blog. > > Microsoft has removed the DigiNotar root certificate from the > Microsoft Certificate Trust List. This change affects all versions of > Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 > R2. Microsoft will be releasing a future update for Windows XP and > Windows Server 2003 to address this issue. Additional information can > be found in Microsoft Security Advisory 2607712. > > US-CERT encourages users and administrators to apply any necessary > updates to help mitigate the risks. US-CERT will provide additional > information as it becomes available. > > Relevant Url(s): > < > http://www.microsoft.com/technet/security/advisory/2607712.mspx?pubDate=2011-08-29 > > > > < > http://blog.mozilla.com/security/2011/08/29/fraudulent-google-com-certificate/ > > > > ==== > This entry is available at > > http://www.us-cert.gov/current/index.html#fraudulent_diginotar_ssl_certificate > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.5 (GNU/Linux) > > iQEVAwUBTlzh4D6pPKYJORa3AQL92AgAwnGW4gCimieecUZHFLQ1oI2JfJFSLHAy > JCMCYGFf8sVPt2Dpy7Do6mRzvlVKDqntG1UtEWwyN7ltcRdiz3LiFMrbgqZi3ItS > 2IWl51cATQzaiWnEHZrNeNew+pffgLjBbyCPLBWRTHbgL2LHreG09ygTXPnn8xek > cxmsSp5PQc46pK46uo1XR679i/fc7XAGSKFxryIGN164Th0BewKWjIx5ONuguxa+ > 6r8C+aPzOLzBSKJ8qgekXfq4AN4gaAWC3fihPfAmb1/iuWMjD2be01djmpqbLOuI > nZKUcQrP2+1yL/Ejr6bnyMd9oaJIHzumAnLdbvlJJGVrjj9Vg9XacA== > =ckfc > -----END PGP SIGNATURE----- > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
