DaemonForums  

Go Back   DaemonForums > DaemonForums.org > News
Reload this Page CA hack: more bogus certificates
FAQ Search Today's Posts Mark Forums Read

News News regarding BSD and related.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 1st September 2011
J65nko J65nko is offline
Administrator
  
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,184
Default CA hack: more bogus certificates
From http://h-online.com/-1334651

Quote:
Dutch SSL Certificate Authority (CA) DigiNotar is still keeping a low profile regarding the extent of the recently disclosed intrusion by hackers.

The source code of the Chromium browser project, on which Google Chrome is based, has now provided some evidence of the extent of the compromise: its list of blocked certificates has grown from 10 to 257. A source code comment makes it clear that the newly added certificates were issued by DigiNotar. Whether the blocked certificates affect further popular web sites remains unknown. In addition to the CA's root certificate, the Chromium developers have also blacklisted two intermediate certificates derived from it.
Also see the EFF article at http://www.eff.org/deeplinks/2011/08...against-google
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote
  #2   (View Single Post)  
Old 2nd September 2011
J65nko J65nko is offline
Administrator
  
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,184
Default
For a follow-up see Attackers behind CA hack also targeted Tor
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote
  #3   (View Single Post)  
Old 5th September 2011
Carpetsmoker's Avatar
Carpetsmoker Carpetsmoker is offline
Real Name: Martin Tournoij
Tcpdump Spy
  
Join Date: Apr 2008
Location: Ireland
Posts: 2,245
Default
Yet another update:
Dutch government takes control of DigiNotar CA

The Dutch government website they link to has a certificate from ...........
Reply With Quote
  #4   (View Single Post)  
Old 5th September 2011
Carpetsmoker's Avatar
Carpetsmoker Carpetsmoker is offline
Real Name: Martin Tournoij
Tcpdump Spy
  
Join Date: Apr 2008
Location: Ireland
Posts: 2,245
Default
Here is the preliminary report from Fox-IT, which is investigating the DigiNotar situation:
http://tweakimg.net/files/upload/Ope...Tulip+v1.0.pdf

The highlight:
Quote:
The most critical servers contain malicious software that can normally be detected by anti-virus software.
The separation of critical components was not functioning or was not in place. We have strong indications that the CA-servers, although physically very securely placed in a tempest proof environment, were accessible over the network from the management LAN.

The network has been severely breached. All CA servers were members of one Windows domain, which made it possible to access them all using one obtained user/password combination. The password was not very strong and could easily be brute-forced.

The software installed on the public web servers was outdated and not patched.

No antivirus protection was present on the investigated servers.

An intrusion prevention system is operational. It is not clear at the moment why it didn‟t block some of the outside web server attacks. No secure central network logging is in place.
Reply With Quote
Reply

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
RSA replaces SecurID tokens after hack J65nko News 0 7th June 2011 09:00 PM
New Research Suggests That Governments May Fake SSL Certificates Carpetsmoker News 0 25th March 2010 09:28 PM
Almost 2,500 firms breached in ongoing hack attack J65nko News 0 18th February 2010 03:31 PM


All times are GMT. The time now is 09:27 PM.

DaemonForums.org RSS Feeds - Contact Us - DaemonForums.org - Archive - Privacy Statement - Top

Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2025, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick