Current Activity - Fraudulent SSL Certificates

[Current Activity <us-cert () us-cert gov>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

US-CERT Current Activity

Fraudulent SSL Certificates

Original release date: March 23, 2011 at 1:54 pm
Last revised: March 23, 2011 at 1:54 pm


US-CERT is aware of public reports of the existence of fraudulent SSL
certificates. These fraudulent SSL certificates could be used by an
attacker to masquerade as a trusted website. Multiple web browser
vendors have provided updates to recognize and block these fraudulent
SSL certificates.

Mozilla has updated Firefox 4.0, 3.6, and 3.5. Additional information
can be found in the Mozilla Security Blog.

Microsoft has released updates for various platforms in Microsoft
Knowledge Base Article 2524375. Additional information can be found in
Microsoft Security Advisory 2524375.

US-CERT encourages users and administrators to apply any necessary
updates to help mitigate the risks. US-CERT will provide additional
information as it becomes available.

Relevant Url(s):
<http://blog.mozilla.com/security/2011/03/22/firefox-blocking-fraudulent-certificates/>

<http://www.microsoft.com/technet/security/advisory/2524375.mspx>

<http://support.microsoft.com/kb/2524375>

====
This entry is available at
http://www.us-cert.gov/current/index.html#fradulent_ssl_certificates

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBTYo+LT6pPKYJORa3AQLlmwf/ejQBMj4CkjPdloCu3OOoRIWG5RPjdJu8
6hu0yyNfrknwIrxIn1MRuMpQU2mRdJfYOXqw8vGsLMpwSUcAhgIwrp435uiMCVXZ
cnwzs3Wf1Wt6uOozPWXdcUI41ScR4llpkBDQcmsPe/HKKmpuz2f3G8FXwFJIo/jH
9JrFh7aU+Q9G71lilZom6QG9O4H44oRgAEZ1XKimh9/QUUHxe86dOku5/ZxSG0J+
dzHTBjlhehUSzxSbwVFYU0GAnMXg4QJpOzjxto0IOSIzah66AejHrRGstAV1U3aW
1hypZmC5fHImMFHb2XoJ8OG5rVEjsbar3kTSRdazEH+n5PWizNcqYA==
=SnZ0
-----END PGP SIGNATURE-----