Browsers Update to Fend Off Attacks

Thursday, September 1, 2011 @ 04:09 PM gHale


As a result of the DigiNotar Certificate Authority hack, Google and Mozilla released updates to Chrome and Firefox in order to remove the root certificate.

A rogue *.google.com SSL certificate found in the wild and researchers said they possibly saw use by the Iranian government in country-wide man-in-the-middle attacks against Gmail users.

RELATED STORIES
Certificate Authority Breached; Sites Suffer
Breach: More SCADA System Holes
Compliance Does Not Mean Secure
SCADA Hacking via Search Engines

The certificate issuer, VASCO-owned DigiNotar admitted suffering a security breach in July which resulted in hackers issuing rogue certificates for several high-profile domains.

Despite undergoing an internal investigation and an audit performed by an external party, the company failed to revoke the rogue Google certificate used for weeks.

The incident comes after in March an Iranian hacker broke into the network of Comodo reseller and issued several rogue certificates.

Mozilla, Google and Microsoft quickly unveiled their plans to remove the DigiNotar root certificate from their products.

Mozilla and Google made good on those promises with the release of Firefox 6.0.1, Firefox 3.6.21, and Chrome 13.0.782.218 respectively. In addition to removing the DigiNotar CA cert, the new Chrome version also updates the bundled Flash Player plug-in.



Leave a Reply

You must be logged in to post a comment.