Gitex Technology Week 2014

18-22 October 2015

Dubai World Trade Centre


Certificate Authority Hacked, Google Users Fall Victim to Man-in-the-Middle Attack


21 Sep 2011

Yesterday reports began to trickle in that Google users in Iran had fallen victim to a man-in-the-middle attack through the use of an illegitimate SSL certificate issued for “*.google.com”. This is the latest in a series of events involving a hacked Certificate Authority, but this time there was clear evidence that the fake certificate was being actively used. Details of the attack and its consequences are being written about extensively elsewhere, so we will give a brief overview and link to those directly involved and others with particularly insightful analysis.

The certificate being used was issued by a Dutch certificate authority, DigiNotar. The consequence is that this CA has essentially been given the “death penalty”. Microsoft, Mozilla and Google have removed the DigiNotar root certificate from their chain of trust, and certificates signed by it will have no more trust than one you generate yourself. It is good to see that those who have the strongest position when choosing which certificate authorities to trust are doing the right thing here. With a technology that so many people rely on for security, privacy and economic reasons, a “one strike and you’re out” system is appropriate. With each attack similar to this one, we see that the current system of Certificate Authorities, with its combination of centralized and opaque trust, is quite open to abuse. Compromises of that trust can have severe consequences. The system is clearly broken, and while some are working on replacement solutions, it is what we have to use in the meantime.

Users are advised to remove the DigiNotar root certificate.

Firefox:
http://support.mozilla.com/en-US/kb/deleting-diginotar-ca-cert

Chrome:
http://googlechrometutorial.com/google-chrome-advanced-settings/Google-chrome-ssl-settings.html

IE:
Some newer versions of Windows seem to be automatically checking a CRL and are therefore able to provide protection without a software update: “All supported editions of Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2 use the Microsoft Certificate Trust List to validate the trust of a certificate authority. There is no action required for users of these operating systems because Microsoft has removed the DigiNotar root certificate from the Microsoft Certificate Trust List.”

However, older versions of Windows do not provide automatic protection: “Microsoft will release a future update to address this issue for all supported editions of Windows XP and Windows Server 2003.”

http://www.microsoft.com/technet/security/advisory/2607712.mspx

The DigiNotar root will be removed from relevant Barracuda Networks products.

 

Further reading:

Tools/Possible SSL Alternatives for advanced users:

About Barracuda Networks Inc.

Barracuda Networks Inc. combines premises-based gateways and software, virtual appliances, cloud services, and sophisticated remote support to deliver comprehensive content security, data protection and application delivery solutions.  The company’s expansive product portfolio includes offerings for protection against email, Web and IM threats as well as products that improve application delivery and network access, message archiving, backup and data protection. Coca-Cola, FedEx, Harvard University, IBM, L'Oreal, and Europcar are among the more than 130,000 organizations protecting their IT infrastructures with Barracuda Networks’ range of affordable, easy-to-deploy and manage solutions.  Barracuda Networks is privately held with its International headquarters in Campbell, Calif.  For more information, please visit www.barracudanetworks.com.
