Philippine News | Latest | Local | Showbiz | Weather | Newspapers | Holidays

Categories

1 trillion pageviews (1) 10.1-inch (1) 3D (1) 3D glasses (1) 3D Vision (1) 9mm (1) A5 chip (1) ABS-CBN (6) add-ons (1) Adobe (2) Adobe Flash Player 11 (1) Adobe Max (1) Adobe Touch (1) Advertising (1) Air Philippines (1) Amazon Kindle 2011 (1) Android (7) angry birds (1) angry birds and sesame street (1) angry birds download (1) Anniversary (2) anonymous activists (1) anonymous browsing (1) antitrust (1) antivirus 2012 (1) app for energy use (1) Apple (7) Apple A5 (1) apple ceo (1) Apple iPhone 5 (1) Apple launch (1) apple new ceo (1) Apple Talk (1) Apples latest and greatest A5 silicon (1) ARM processors (1) asian computer companies (1) asilo tagaytay (1) AVG (1) AVG Anti-Virus Free 2012 v12.0.1796 (1) avida (1) BBC News (1) Blackberry (1) Blackberry issues (3) blackberry news (3) blacklist (1) Blogger News (7) Blogger Tricks (8) Blogging (7) Breaking News (118) browser (1) browsers (3) Browsers and extensions (3) business merge (1) Cagayan de Oro (2) Cagayan de Oro City (2) Cava22 (1) CdeO (2) CDO city (2) Cebu Pacific (1) ceo mac (1) ceo of apple (1) ceo of mac (1) child pornography stopped (1) chrome (1) CNET (1) cnn news technology (2) CNN. com (1) Company deals (1) compatibility (1) Consumer software and hardware (1) Content and publishing (1) Crave (1) Criminal Hackers (2) CSS (1) Daily Readings (2) dekstop (1) Department of Justice (1) developers (1) Digital Home (1) dolphin (1) dolphin hd (1) Doodle (1) downloads (1) Droid Bionic (1) Droid Razr (2) Earthquake in the Philippines (3) electricity news (1) Emerging tech (1) energy use (1) Erroneous SSL (1) extensions (1) F8 (1) F8 2011 (1) Facebook (10) facebook and OPOWER (1) facebook apps (2) facebook includes music (1) facebook new layout (1) facebook news (6) facebook scams (1) Facebook Tricks (6) faster scans (1) Fennec (1) Filipino Music (1) firefox (4) firefox 7 (1) firefox 7 beta 6 (1) firefox 7 beta 6 download (1) firefox 7 download (1) firefox 7 ftp (1) firefox beta (1) Fires in the Philippines (2) Flash (1) Flickr (1) free download (2) freeware (1) Gadget news (1) Galaxy Nexus (1) Galaxy Note (1) Galaxy S II (1) Galaxy Tab 7.0 Plus (1) Games (3) Globe Promo Offers (2) GMA (2) GMA News (1) Gogle 13th birthday (1) Google (8) Google Birthday (1) Google Doodle (5) Google news (1) google vs. facebook (1) Google Wallet (1) Google Wallet Launch (1) Google+ (2) Gumby (1) Gumbyworld (1) Hacked SSLs (1) hackers (1) highest pageviews (1) history of facebook (1) hitachi news (1) Hollywood (1) honeycomb (1) housing (1) HTML5 (2) Ice Cream Sandwich (2) ie (1) IFA Berlin 2011 (1) International News (26) internet (4) Internet vigilantes (1) iOS (4) iOS 5 (1) iPad 2 (1) iPhone (1) iPhone 4S (3) iphone 5 (1) iPhone is missing (1) Ireland (1) japanese businesses merge (1) joint venture technology (1) Latest Dota Maps (3) latest gadgets (1) Latest News in the Philippines (149) latest news on computers (1) latest news on windows (1) Latest on SSL Errors (1) lawsuit (1) Lenovo IdeaPad Y570 (1) LET Exam (4) LET Review Documents (1) LG Nano LED TV (1) Licensure Exams (1) Lightboost (1) Local News (61) Lotto results (1) mac ceo (1) mac new ceo (1) Mac Software (1) malware (1) Manny Pacquiao (3) market share (1) Mary Blair (1) Media (1) Media Edition (1) memory (1) Microsoft (1) microsoft partners with twitter (1) Microsoft Windows 8 operating system (1) Mindanao (2) mobile (1) Mobile Software (1) Motorola (3) Movies (1) Mozilla (2) music on facebook (1) music+facebook (1) Net Applications (1) Netflix (1) network failure (1) New features (1) new iphone (1) news update (1) Nexus (1) Nexus Prime (1) NFC (1) Nvidia 3D Vision 2 (1) Olympics 2012 (1) Open Graph (1) opera 11.1 download (1) opera for android download (1) opera mobile 11.1 for Android (1) opera mobile for android (1) OPOWER (1) Pablo (2) Panasonic 3D Lumix camera (1) Pantech Breakout (1) PCSO Lotto (1) performance (2) Peripherals (1) Philippine Airlines (1) Philippine Holidays (3) philippine lotto (1) Philippine Newspaper (4) Philippine Stock Exchange (4) Philippine Storms (2) Philippine Weather (89) Philippines (20) Phishing (1) Photography (1) Photos (1) Photoshop (1) Pixar (1) platform (1) Policy Tags: android (1) porn (1) PRC News (5) preorders (1) privacy (2) Privacy and data protection (1) Privacy Inc. (1) programming (2) psychology (1) Qualcomm 3G chip (1) rapid release (1) research (1) Samsung (3) Samsung Galaxy S II (1) Samsung Galaxy Tab 10 (1) Samsung Galaxy Tab 7.7 (1) Samsung Galaxy Tab 8.9 (1) Samsung Series 7 all-in-one (1) San Francisco (1) Security (2) Self help (3) sesame street (1) sex (1) Showbiz News (17) Skype (1) SMART Promo Offers (2) social networks (2) Software (2) software release (1) Sony Ericsson Arc S (1) Sony Ericsson Xperia Arc (1) Sony Ericsson Xperia Play 4G (1) Sony HDR-PJ10 (1) sony hitachi tohiba merge (1) sony news (1) Sports News (7) SSL Error (1) Steve Jobs (1) Steven Sinofsky (1) Storm Pablo (2) Stratosphere (1) subscribe in facebook (1) tablet (1) tablets (1) Tech News (11) Technology Blogs (1) technology news (2) tim cook (1) Timeline (2) Topics: Corporate and legal (1) TOR (1) toshiba news (1) Toshiba no-glasses 3D TV (1) Toshih 10.1-inch Android tablet (1) Touch Apps (1) Toy Story (1) tracking (1) Tropical Storm (2) twitter+facebook (1) TypeKit (1) UFC News (1) unreleased iPhone (1) update (1) web browsers (1) Websense (1) Website Development (5) Websites Hacked (1) Why facebook has SSL Errors (1) windows 8 (1) windows 8 update (1) windows latest (1) Windows Software (1) Xoom 2 (1) Xtravo (1) Xtravo web browser (1) XUL (1) Yahoo (1) Zest Air (1) zuckerberg (1) Zynga (1)

Latest News on Web Certificate Errors (Sept. 2011)

The number of fraudulent security certificates issued by a hacked Dutch firm has ballooned from the 247 reported last week to 531, and the main purpose of the attack appears to have been to spy on Iranian dissidents.

Result of an SSL error in Chrome
The list of domains for which fraudulent Secure Sockets Layer (SSL) certificates were issued by DigiNotar, a root certificate authority, now includes sites such as the CIA, MI6, Facebook, Microsoft, Skype, Twitter, and WordPress, among others, according to a list released this weekend by the Dutch Ministry of Justice. In the wake of the new revelations, the Dutch government has reportedly expressed a lack of confidence in the Netherlands-based company and taken control of it. 

DigiNotar representatives did not respond to a request for comment.


The intrusion was revealed late last month when Google said Gmail users in Iran were at risk of having their log-in credentials stolen after someone broke into DigiNotar to steal the digital equivalent of an identification card for Google.com. The problem first surfaced on a Google support site on August 28. However, DigiNotar only acknowledged last week that it had detected an intrusion into its Certificate Authority infrastructure on July 19.

During the intrusion, someone issued fraudulent certificate requests "for a number of domains," but DigiNotar said earlier--when the list of affected domains was smaller--that it had revoked them. A fraudulent certificate allows someone to impersonate the secure versions of those Web sites--the ones that are used when encrypted connections are enabled--in some circumstances.

The Gmail incident affected mostly Iranian users, and it now appears the certificates might have been issued for the purpose of spying on Iranian dissidents, perhaps by the Iranian government. The Tor Project's Jacob Appelbaum, who published the list of affected domains, notes that one domain certificate on the list is "a calling card from a Farsi speaker," the language spoken by most Iranians:

CN=*.RamzShekaneBozorg.com,SN=PK000229200006593,OU=Sare Toro Ham Mishkanam,L=Tehran,O=Hameye Ramzaro Mishkanam,C=IR
RamzShekaneBozorg.com is a bogus address, and Appelbaum reported that "RamzShekaneBozorg" translates from Farsi to "great cracker," while "Hameyeh Ramzaro Mishkanam" translates to "I will crack all encryption" and "Sare Toro Ham Mishkanam" translates to "i hate/break your head."


Ot van Daalen, director of Bits of Freedom, a Dutch group that defends digital privacy rights, said the hacking put Iranian dissidents "at grave risk."

"It's horrible to say, but it's entirely possible that the hacking attack has endangered lives in Iran," Van Daalen told Radio Netherlands Worldwide."There is a real chance that the Iranian authorities have used these certificates to eavesdrop on users. And it can't be ruled out they will continue doing so with other certificates."

Appelbaum, who noted that DigiNotar's audit trail is incomplete, said the list includes certificate authority (CA) roots that should probably never be trusted again.


"The most egregious certs issued were for *.*.com and *.*.org while certificates for Windows Update and certificates for other hosts are of limited harm by comparison," Appelbaum wrote in a Tor Project post. "The attackers also issued certificates in the names of other certificate authorities such as 'VeriSign Root CA' and 'Thawte Root CA' as we witnessed with ComodoGate, although we cannot determine whether they succeeded in creating any intermediate CA certs."

SSL Error in Firefox
The latest versions of Internet Explorer, Chrome, andFirefox have revoked trust in DigiNotar certificates, and users will see warnings if they visit Web sites that use that root authority's certificates.

This is the second time this year that the Iranian government has been linked to attempts to obtain fraudulent certificates to impersonate major Web sites. Comodo, a Jersey City, N.J.-based firm that issues digital certificates, said in March the nine certificates were fraudulently obtained. The Internet Protocol addresses used in the attack were in Tehran, Iran, said Comodo, which said that because of the focus and speed of the attack, it was "state-driven."

Kaspersky Lab's Roel Schouwenberg wrote in a blog post that the DigiNotar attack may prove to be more of a watershed moment than Stuxnet, a worm code discovered last year that is widely believed to have been designed to sabotage a uranium enrichment facility in Iran.

"The attack on DigiNotar doesn't rival Stuxnet in terms of sophistication or coordination," Schouwenberg wrote. "However, the consequences of the attack on Diginotar will far outweigh those of Stuxnet. The attack on DigiNotar will put cyberwar on or near the top of the political agenda of Western governments."

Source: http://news.cnet.com/8301-1009_3-20101786-83/dutch-firm-linked-to-many-more-fraudulent-net-certificates/#ixzz1XFTW2QmM
Labels: , , , , ,

Share Your Thoughts via FB Comments!

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)
Share

Widgets

TRY THESE OTHER INTERNET BROWSERS

get chrome
try maxthon browser
netscape navigator
get firefox
get internet explorer
download safari
get opera browser

Download Firefox