CERT mailing list archives
Current Activity - Fraudulent Digital Certificates Could Allow Spoofing
From: Current Activity <us-cert () us-cert gov>
Date: Thu, 10 Nov 2011 16:32:48 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 US-CERT Current Activity Fraudulent Digital Certificates Could Allow Spoofing Original release date: November 10, 2011 at 4:25 pm Last revised: November 10, 2011 at 4:25 pm US-CERT is aware of public reports that DigiCert Sdn. Bhd has issued 22 certificates with weak encryption keys. This could allow an attacker to use these certificates to impersonate legitimate site owners. DigiCert Sdn. Bhd has revoked all the weak certificates that they issued. Entrust, the parent Certificate Authority to DigiCert Sdn. Bhd, has released a statement containing more information. Mozilla has released Firefox 8 and Firefox 3.6.24 to address this issue. Additional information can be found in the Mozilla Security Blog. Microsoft has provided an update for all supported versions of Microsoft Windows to address this issue. Additional information can be found in Microsoft Security Advisory 2641690. US-CERT encourages users and administrators to apply any necessary updates to help mitigate the risks. US-CERT will provide additional information as it becomes available. Relevant Url(s): <http://blog.mozilla.com/security/2011/11/03/revoking-trust-in-digicert-sdn-bhd-intermediate-certificate-authority/> <http://technet.microsoft.com/en-us/security/advisory/2641690> <http://www.entrust.net/advisories/malaysia.htm> ==== This entry is available at http://www.us-cert.gov/current/index.html#fraudulent_digital_certificates_could_allow -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBTrxC9z/GkGVXE7GMAQIjEgf/drjlCML2ZnMFUsUkcC/8YSeckM/lQP/9 miow6IX3oubIsp3ARNATxGIw8U1lOnHn41io3wctYC9h04S1PDtVjZMoA91W9Klp XS0eZezvFUvGDIez1MchjLs5EkWR0Qrs7W+Zu44YRKJIO4NZhZdurFZgLMXAP6R2 RmjX2XfVVGcu1CxybOHUNTfeYlpEdOK9NUWOlb2imNLZ8rF8SJH91Sp3KAEYAaNK B4vfPGANQwmkRDqr6Cjt9PcJtHRC2APgrKaounTlPnozmcneuR8rRk0lY8Ctq3G3 /gz890wvJeGQT12168diHA1BUO293g/uT0LQhd0ZBQwDpjArfct3uA== =8aCk -----END PGP SIGNATURE-----
Current thread:
- Current Activity - Fraudulent Digital Certificates Could Allow Spoofing Current Activity (Nov 10)