DigiNotar breached, hundreds of forged SSL certificates issued

September 10, 2011


DigiNotar was breached and hundreds of SSL certificates were issued for a variety of domains including Gmail, Yahoo and Facebook. Below are several articles that cover the breach including technical details of the certificates created.


DigiNotar Hacked by Black.Spook and Iranian Hackers

Tuesday, August 30, 2011

Posted by Mikko

http://www.f-secure.com/weblog/archives/00002228.html

Somehow, somebody managed to get a rogue SSL certificate from them on July 10th, 2011. This certificate was issued for domain name *.google.com.

What can you do with such a certificate? Well, you can impersonate Google, assuming you can first reroute Internet traffic for google.com to you. This is something that can be done by a government or by a rogue ISP. Such a reroute would only affect users within that country or under that ISP.

[..]


http://www.eweek.com/c/a/Security/Google-Warns-Iranian-Gmail-Users-After-DigiNotar-Breach-573939/

Google Warns Iranian Gmail Users After DigiNotar Breach

By: Clint Boulton

2011-09-11

Google tells Iranian Gmail users to beware of suspicious prompts to click on links that could execute man-in-the-middle attacks. Comodohacker is using a fake certificate.

Google (NASDAQ:GOOG) Sept. 8 warned its Gmail users in Iran that their accounts may be compromised by the fake Secure Sockets Layer (SSL) security certificate issued by Dutch security firm DigiNotar.

The search engine provider, believed to have between 150 million and 200 million Gmail users worldwide, said that its own servers and infrastructure were not compromised in the security attack.

[..]


http://www.darkreading.com/authentication/167901072/security/attacks-breaches/231601790/diginotar-hacked-out-of-business.html

DigiNotar Hacked Out Of Business

Doomed certificate authority files for bankruptcy, and industry looks for answers on preventing more CA hacks

Sep 20, 2011

By Kelly Jackson Higgins

Dark Reading

Say goodbye to certificate authority DigiNotar: The beleaguered Dutch CA has filed for bankruptcy in the wake of the recent massive breach at the firm, its parent company VASCO Security said today, and has exited the CA business altogether. While the demise of DigiNotar comes as no real surprise given the chain of events that have transpired since it was first learned the CA had been hacked, its downfall has ignited debate over what can be done to prevent digital certificate disasters in the future.

There's no easy way to ensure CAs don't get hacked, or that one is more trustworthy than another if they pass their audits. But there is a way to discourage CA hacks altogether, says Roel Schouwenberg, senior antivirus researcher for Kaspersky Lab: Browser vendors could store a whitelist of proper certificates for the top 10 or 20 targets of cyberespionage, such as Facebook, Gmail, Yahoo, and Tor, as well as any high-profile sites.
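The browser-side whitelist Schouwenberg describes is, in effect, public-key pinning: a certificate that chains to a trusted CA is still rejected if its key is not the one pinned for that site. The Python below is an added illustration of that check, not code from any of the quoted articles; the SPKI byte strings and pin entries are constructed placeholders, and `chain_valid` stands in for the ordinary CA-chain validation.

```python
"""Pin check modelling the proposed browser whitelist (added example).

Pins are SHA-256 digests of the certificate's SubjectPublicKeyInfo (SPKI)
DER bytes. The SPKI blobs below are constructed placeholders, not real keys.
"""
import hashlib
from typing import Dict, Optional, Set

GENUINE_GOOGLE_SPKI = b"constructed-spki-der-for-genuine-google-key"  # placeholder
ROGUE_SPKI = b"constructed-spki-der-for-rogue-key"                    # placeholder


def spki_fingerprint(spki_der: bytes) -> str:
    return hashlib.sha256(spki_der).hexdigest()


# Constructed pin store: pinned domain -> acceptable SPKI fingerprints.
PIN_STORE: Dict[str, Set[str]] = {
    "google.com": {spki_fingerprint(GENUINE_GOOGLE_SPKI)},
}


def pin_domain_for(hostname: str) -> Optional[str]:
    """Walk up the labels so mail.google.com is covered by a google.com pin."""
    labels = hostname.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in PIN_STORE:
            return candidate
    return None


def name_matches(cert_name: str, hostname: str) -> bool:
    """RFC 6125-style match: one leading wildcard covers exactly one label."""
    cert_name, hostname = cert_name.lower(), hostname.lower()
    if cert_name.startswith("*."):
        suffix = cert_name[1:]  # ".google.com"
        return hostname.endswith(suffix) and "." not in hostname[:-len(suffix)]
    return cert_name == hostname


def check_certificate(hostname: str, cert_name: str,
                      chain_valid: bool, spki_der: bytes) -> str:
    """Return 'accept' or a rejection reason; chain_valid models the CA check."""
    if not chain_valid:
        return "reject: chain"
    if not name_matches(cert_name, hostname):
        return "reject: name"
    domain = pin_domain_for(hostname)
    if domain is None:
        return "accept"  # no pin for this site: CA validation alone decides
    if spki_fingerprint(spki_der) in PIN_STORE[domain]:
        return "accept"
    return "reject: pin"  # valid chain, matching name, but wrong key
```

A rogue *.google.com certificate with a valid chain passes the name check and fails only at the pin step, which is the point of the whitelist.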


https://blog.torproject.org/blog/diginotar-damage-disclosure

About an hour ago I was contacted by the Dutch Government with more details about the DigiNotar Debacle. It seems that they're doing a great job keeping on top of things and doing the job that DigiNotar should've done in July. They sent a spreadsheet with a list of 531 entries on the currently known bad DigiNotar related certificates.

The list isn't pretty and I've decided that in the interest of defenders everywhere without special connections, I'm going to disclose it. The people that I have spoken with in the Dutch Government agree with this course of action.

This disclosure will absolutely not help any attacker as it does not contain the raw certificates; it is merely metadata about the certificates that were issued. It includes who we should not trust in the future going forward and it shows what is missing at the moment. This is an incomplete list because DigiNotar's audit trail is incomplete.

[..]

