CERT mailing list archives

Previous By Date Next
Previous By Thread Next

Current Activity - Fraudulent Digital Certificates Could Allow Spoofing

From: Current Activity <us-cert () us-cert gov>
Date: Thu, 10 Nov 2011 16:32:48 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

US-CERT Current Activity

Fraudulent Digital Certificates Could Allow Spoofing

Original release date: November 10, 2011 at 4:25 pm
Last revised: November 10, 2011 at 4:25 pm


US-CERT is aware of public reports that DigiCert Sdn. Bhd has issued
22 certificates with weak encryption keys. This could allow an
attacker to use these certificates to impersonate legitimate site
owners. DigiCert Sdn. Bhd has revoked all the weak certificates that
they issued. Entrust, the parent Certificate Authority to DigiCert
Sdn. Bhd, has released a statement containing more information.

Mozilla has released Firefox 8 and Firefox 3.6.24 to address this
issue. Additional information can be found in the Mozilla Security
Blog.

Microsoft has provided an update for all supported versions of
Microsoft Windows to address this issue. Additional information can be
found in Microsoft Security Advisory 2641690.

US-CERT encourages users and administrators to apply any necessary
updates to help mitigate the risks. US-CERT will provide additional
information as it becomes available.

Relevant Url(s):
<http://blog.mozilla.com/security/2011/11/03/revoking-trust-in-digicert-sdn-bhd-intermediate-certificate-authority/>

<http://technet.microsoft.com/en-us/security/advisory/2641690>

<http://www.entrust.net/advisories/malaysia.htm>

====
This entry is available at
http://www.us-cert.gov/current/index.html#fraudulent_digital_certificates_could_allow

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBTrxC9z/GkGVXE7GMAQIjEgf/drjlCML2ZnMFUsUkcC/8YSeckM/lQP/9
miow6IX3oubIsp3ARNATxGIw8U1lOnHn41io3wctYC9h04S1PDtVjZMoA91W9Klp
XS0eZezvFUvGDIez1MchjLs5EkWR0Qrs7W+Zu44YRKJIO4NZhZdurFZgLMXAP6R2
RmjX2XfVVGcu1CxybOHUNTfeYlpEdOK9NUWOlb2imNLZ8rF8SJH91Sp3KAEYAaNK
B4vfPGANQwmkRDqr6Cjt9PcJtHRC2APgrKaounTlPnozmcneuR8rRk0lY8Ctq3G3
/gz890wvJeGQT12168diHA1BUO293g/uT0LQhd0ZBQwDpjArfct3uA==
=8aCk
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: