Fraudulent SSL Digital Certificates affect multiple Internet Applications and Network devices
RISK: Medium Risk
TYPE: Attacks - Other
DigiNotar is a Dutch certification authority (CA) that issues SSL and EVSSL digital certificates. Many Internet applications and network devices are preloaded with DigiNotar's root certificate in their list of trusted root certification authorities. The list of known fraudulent certificates issued by DigiNotar contains some high-profile domains, e.g. google.com, mozilla.com, yahoo.com, torproject.org, etc.
Although the attack was said to target Iran, a hacker who has access to the root certificate of DigiNotar can generate and sign fraudulent SSL digital certificates for any domain. A fraudulent SSL digital certificate could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against all Internet users. Many of the major browser vendors have removed the DigiNotar root certificates from their lists of trusted CAs.
HKCERT is aware of public reports of fraudulent SSL certificates issued by DigiNotar after the organization suffered a serious security breach. Vasco, the parent company of DigiNotar, issued a press release with details of the incident on 30 August. HKCERT blogged about the DigiNotar CA security breach resulting in issuance of fake certificates on 1 September to draw the attention of the general public.
Impact
- Spoofing
System / Technologies affected
- Any Internet applications and network devices preloaded with the DigiNotar root certificate.
Solutions
- Untrust DigiNotar's root certificate completely, either by removing it manually or by applying the vendor's security patch that removes the root certificate.
Apply vendor's security patch
For general users:
- Adobe Security Update APSB11-24
  http://www.adobe.com/support/security/bulletins/apsb11-24.html
- Apple Security Update 2011-005
  http://support.apple.com/kb/HT4920
- Google Chrome version update
  http://googlechromereleases.blogspot.com/2011/09/stable-channel-update.html
- Microsoft Security Advisory (2607712, 2616676)
  http://technet.microsoft.com/en-us/security/advisory/2607712
  http://support.microsoft.com/kb/2616676
- Mozilla Security Update
  http://blog.mozilla.com/security/category/security-updates/
For IT administrators:
- CheckPoint Security Update
  http://supportcontent.checkpoint.com/solutions?id=sk65277
- BlueCoat Security Advisories
  https://kb.bluecoat.com/index?page=content&id=SA59
Note: The list is not exhaustive. IT Administrators should take note of their key Internet applications and network devices that may be impacted and search for more information (typically those that need to verify updated files of security signatures or patches).
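To support the manual removal step and the note to IT administrators above, the following added example (not part of the original advisory) audits a PEM CA bundle for entries whose subject or issuer names DigiNotar. The function names, the bundle path and the sample entries are assumptions made for illustration; the sample entries are constructed.

```python
import ssl
import sys

CA_NAME = "DigiNotar"  # CA named in the advisory


def flatten_name(name):
    """Render the ssl module's nested RDN tuples as 'key=value, ...' text."""
    return ", ".join(f"{key}={value}" for rdn in name for key, value in rdn)


def find_untrusted(ca_certs, needle=CA_NAME):
    """Return store entries whose subject or issuer mentions needle.

    ca_certs uses the dict format returned by SSLContext.get_ca_certs().
    The issuer is checked too, so CA certificates signed by the CA are caught.
    """
    hits = []
    for cert in ca_certs:
        subject = flatten_name(cert.get("subject", ()))
        issuer = flatten_name(cert.get("issuer", ()))
        if needle.lower() in (subject + "|" + issuer).lower():
            hits.append({"subject": subject, "issuer": issuer,
                         "serial": cert.get("serialNumber", "")})
    return hits


def audit_bundle(cafile):
    """Load a PEM CA bundle and return the entries that should be removed."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.load_verify_locations(cafile=cafile)
    return find_untrusted(ctx.get_ca_certs())


def _name(org, cn):
    return ((("organizationName", org),), (("commonName", cn),))


# Constructed sample entries (names and serials are illustrative, not real data).
SAMPLE_STORE = [
    {"subject": _name("DigiNotar", "DigiNotar Root CA"),
     "issuer": _name("DigiNotar", "DigiNotar Root CA"), "serialNumber": "00AA"},
    {"subject": _name("Example Trust", "Example Root CA"),
     "issuer": _name("Example Trust", "Example Root CA"), "serialNumber": "00BB"},
    {"subject": _name("Example Hosting", "Example Sub CA"),
     "issuer": _name("DIGINOTAR", "DigiNotar Root CA"), "serialNumber": "00CC"},
]

if __name__ == "__main__":
    # Usage: python audit.py /path/to/ca-bundle.pem (the path is site-specific)
    found = audit_bundle(sys.argv[1]) if len(sys.argv) > 1 else find_untrusted(SAMPLE_STORE)
    for hit in found:
        print("remove from trust store:", hit["subject"], "serial", hit["serial"])
```

Run it against each CA bundle file that an application or device export actually uses; a name match identifies candidates for removal and should be confirmed against the vendor's advisory.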
Vulnerability Identifier
- No CVE information is available
Source
Related Link
- http://vasco.com/company/press_room/news_archive/2011/news_diginotar_reports_security_incident.aspx
- http://isc.sans.edu/diary.html?storyid=11560
- http://www.us-cert.gov/current/#fraudulent_diginotar_ssl_certificate
- http://blog.mozilla.com/security/2011/09/02/diginotar-removal-follow-up/
- http://support.microsoft.com/kb/2616676
- http://technet.microsoft.com/en-us/security/advisory/2607712
- http://googleonlinesecurity.blogspot.com/2011/08/update-on-attempted-man-in-middle.html
- http://support.apple.com/kb/HT4920
- http://blogs.adobe.com/psirt/2011/09/update-on-diginotar-and-the-adobe-approved-trust-list-aatl.html