CA’s hacked

Wow, it really has been a bad week for Certificate Authorities. First DigiNotar gets cracked by a seemingly insistent CA cracker called ComodoHacker; now GlobalSign has stopped processing certificate requests due to possible compromise by the same cracker.

It all started in March this year with the Comodo CA breach. Next was StartCom the Israeli CA ( although they say that nothing was compromised ). Then an attack on DigiNotar appears to have been initiated on June 17. Apparently 531 rogue certificates were issued ( and then revoked ) in the period July 19 to 29. That amount may not even be the final value. According to an audit by Fox-IT, the attack was mostly successful due to glaring security weaknesses in DigiNotar’s networks, apps and architecture.

Last week, Microsoft removed DigiNotar’s root CA certs from it’s browsers, and this week, they have moved these certs as well as some other Dutch government certs to the untrusted certificate store.

The Firefox 6.0.2 update this week effectively does the same thing. Cumulatively, these steps will have a massive impact on the Dutch government’s websites and their ability to function.

The same cracker has boasted that he/she has compromised 4 other CAs as well, one of these being GlobalSign. As a result, GlobalSign has suspended issuing further certs pending an investigation into the claim.

For those who can not ( for some strange reason ) run updated web browsers ( with the compromised CA removed ), you can manually affect the same result by removing the CA cert in your browser:

Firefox

Edit/Tools -> Preferences -> Advanced -> Encryption -> View Certificates -> Authorities

Find the DigiNotar root CA in the list and delete/distrust

Internet Explorer/Windows

Start -> Control Panel -> Internet Options ( in classic view ) -> Content -> Certificates -> Trusted Root Certificate Authorities

Find the DigiNotar root CA in the list and remove

Other browsers will have similar options in the preferences section.

Robby Pedrica

Robby Pedrica is a storage and security specialist providing IT and ITSM consulting services in Southern Africa to SME and Enterprise clients. With 20 years of experience, and numerous certifications, Robby excels in niche areas such as systems monitoring, load balancing, advanced storage functions like virtualisation, backup and replication, virtual security appliances, and FOSS software infrastructure such as web, email and application servers. He also runs 'Robby Pedrica's Tech Blog' expounding the mantra of security, security, security.

robbypedrica has 22 posts and counting.See all posts by robbypedrica

Pin It on Pinterest