Certificate Authority Hacked, Google Faced MiTM Attack

A Dutch Certificate Authority, DigiNotar, was hacked, exposing users who attempt to access Google services to a man-in-the-middle attack. The bad news is that even Google.com is affected; the good news is that the attack has not spread globally and only hit Iran.

Getting hacked is not really a big deal today, with giants like Comodo, RSA, and Sony all having been victims. The big deal is how they respond to the hack. A Comodo RA was once hacked and compromised, resulting in 10 fraudulent SSL certificates being issued, which were then immediately revoked, with Microsoft notified to do the same.

[Image: gmail https. Credit: Maximum PC]

DigiNotar acted differently. It was reported that they already knew about the breach on the 19th of July, which is approximately 2 months ago. However, it was not clearly reported, and although they claim to have revoked the fraudulent certificates, they missed the Google.com certificate.

Currently, all the major web browsers (Microsoft Internet Explorer, Mozilla Firefox and Google Chrome) have released updates that completely remove the DigiNotar root certificate from the browser. This means that any certificate issued by DigiNotar will no longer be treated as valid by these three major browsers.

As for DigiNotar, they are still unable to produce a final list of all the fraudulent certificates. Whether this is a large-scale hack or a small one remains unknown to us. One thing that is pretty irresponsible is the article they posted, which says that 99% of web browser certificate warnings can be ignored. The translated version is from Naked Security, and this piece of advice is totally unacceptable.

This is not a computer game. It is security that we are talking about. To me, DigiNotar’s handling of the threat is poor, and I personally think they could have done better. I would like to end this article with a reminder that certificate warnings should not be ignored and should be taken seriously. Always watch for the HTTPS connection and ensure that it is a valid one.

About Alan Tay

This blog is owned and operated by myMediaInc. My Media operates content based online portals for IT professionals, technology managers and decision makers as well as business leaders. We publish original quality content focused in Software Development, IT Security, SaaS, Cloud Computing, Outsourcing, Project Management and Mobile and Wireless. Our mission is to explore how to help you optimize your resources in each of these areas.


Comments

  1. Asher from UK web hosting says:

    That’s horrible news... :(

  2. Dave says:

    99% of the web browser warning on certificates can be ignored!

    Totally shocked by this :)
    Regards
    Dave