Certificate Authority Hacked, Google Users Fall Victim to Man-in-the-Middle Attack

21 Sep 2011

Yesterday, reports began to trickle in that Google users in Iran had been subjected to a man-in-the-middle attack carried out with an illegitimate SSL certificate issued for "*.google.com". This is the latest in a series of incidents involving a compromised Certificate Authority, but this time there was clear evidence that the fraudulent certificate was being actively used against real users. Details of the attack and its consequences are being written about extensively elsewhere, so we will give a brief overview and link to those directly involved and to others with particularly insightful analysis.

The fraudulent certificate was issued by a Dutch certificate authority, DigiNotar. The consequence is that this CA has essentially been given the "death penalty": Microsoft, Mozilla and Google have removed the DigiNotar root certificate from their trust stores, so certificates signed by DigiNotar will now have no more trust than one you generate yourself. It is good to see that those in the strongest position to decide which certificate authorities to trust are doing the right thing here; for a technology that so many people rely on for security, privacy and economic reasons, a "one strike and you're out" policy is appropriate. Each attack of this kind shows that the current Certificate Authority system, built on a combination of centralized and opaque trust, is quite open to abuse, and that a compromise of that trust can have severe consequences. The system is clearly broken, and while some are working on replacement solutions, it is what we have to use in the meantime.

Users are advised to remove the DigiNotar root certificate.

Firefox:
http://support.mozilla.com/en-US/kb/deleting-diginotar-ca-cert

Chrome:
http://googlechrometutorial.com/google-chrome-advanced-settings/Google-chrome-ssl-settings.html

IE:
Some newer versions of Windows automatically check an online trust list (the Microsoft Certificate Trust List) and are therefore protected without a software update: "All supported editions of Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2 use the Microsoft Certificate Trust List to validate the trust of a certificate authority. There is no action required for users of these operating systems because Microsoft has removed the DigiNotar root certificate from the Microsoft Certificate Trust List."

However, older versions of Windows do not provide automatic protection: "Microsoft will release a future update to address this issue for all supported editions of Windows XP and Windows Server 2003."

http://www.microsoft.com/technet/security/advisory/2607712.mspx

 

The DigiNotar root certificate is also being removed from the relevant Barracuda Networks products.

Further reading:

Tools/Possible SSL Alternatives for advanced users:

About Barracuda Networks Inc.

Barracuda Networks Inc. combines premises-based gateways and software, virtual appliances, cloud services, and sophisticated remote support to deliver comprehensive content security, data protection and application delivery solutions. The company's expansive product portfolio includes offerings for protection against email, Web and IM threats, as well as products that improve application delivery and network access, message archiving, backup and data protection. Coca-Cola, FedEx, Harvard University, IBM, L'Oreal and Europcar are among the more than 130,000 organizations protecting their IT infrastructures with Barracuda Networks' range of affordable, easy-to-deploy and easy-to-manage solutions. Barracuda Networks is privately held, with its international headquarters in Campbell, Calif. For more information, please visit www.barracudanetworks.com.