Fraudulent security certificates !!!!!

Abarbarian

Acruncher
Joined
Sep 30, 2005
Messages
11,023
Reaction score
1,221
http://www.tgdaily.com/security-features/58282-diginotar-security-breach-hit-cia-mi6-and-mossad

Dutch firm DigiNotar issued twice as many fraudulent security certificates as initially believed, according to the auditors investigating the breach - and affected intelligence agencies including the CIA.
The intrusion came to light a week ago, when Google warned that its security certificate had been compromised, potentially allowing 'man-in-the-middle' attacks against users of Gmail and other Google services.
Fox-IT says that the initial compromise took place on June 17 - and was discovered by DigiNotar two days later - but that the first rogue certificate wasn't issued until July 10th.
And over the next ten days, says Fox-IT, 530 fraudulent certificates were issued - more than twice as many as initially reported.
Sites including the CIA, MI6, Mossad, Facebook, Microsoft, Skype and Twitter were hit.


http://www.tgdaily.com/security-fea...d:+tgdaily_all_sections+(TG+Daily+-+All+News)

A second provider of security certificates says it may have been hit by hackers in a similar attack to last month's DigiNotar breach.

GlobalSign has responded by temporarily ceasing the issuing of security certificates.
"GlobalSign takes this claim very seriously and is currently investigating," says the company.
"GlobalSign has officially announced the appointment of Fox-IT to assist with investigations into the claimed breach. Fox-IT is the Dutch cybersecurity experts hired to investigate the compromise of the Dutch CA DigiNotar and therefore already have a wealth of current knowledge and experience of the hacker."

http://www.tgdaily.com/security-fea...d:+tgdaily_all_sections+(TG+Daily+-+All+News)

After the recent breach at web security certificate authority DigiNotar, and with fears that others have been compromised too, Mozilla has ordered certificate issuers to get their own house in order.
It's giving them until 16 September to audit their own internal security systems and assure Mozilla that they haven't been compromised.
"Participation in Mozilla's root program is at our sole discretion, and we will take whatever steps are necessary to keep our users safe," it warns.

Good to see FF on the ball. :cool:
 

Abarbarian

http://www.theregister.co.uk/2011/09/09/apple_purges_diginotar_certificates/

Apple's delayed response comes in sharp contrast. Not only has it taken longer to issue the update, but it didn't utter a peep of warning to its users in the intervening time. At time of writing, there were no updates available that purged the untrustworthy DigiNotar root certificates from iOS, meaning iPhone and iPad users are still vulnerable to fraudulent DigiNotar certificates.
Users of Google's Android OS for smartphones also remain wide open.
The threats Apple and Google have failed to protect their users against are by no means theoretical. At least one of the certificates has already been encountered by at least 300,000 people, mostly in Iran, as they accessed Gmail or other protected Google services. Trend Micro has more details about the certificate here

:cool:
 
