Fake security certificates done by hackers

For discussions about security.
8-bit
Posts: 3406
Joined: Wed 04 Apr 2007, 03:37
Location: Oregon


#1 Post by 8-bit »

Some hackers have found a way to place fake security certificates on sites we use.
The article can be found here.

It makes me wonder if I am in danger of having data or passwords hacked.

Lobster
Official Crustacean
Posts: 15522
Joined: Wed 04 May 2005, 06:06
Location: Paradox Realm
Contact:

#2 Post by Lobster »

Gervase Markham, a Mozilla developer who has been involved in the response to the DigiNotar failure, warned Iranian internet users on Monday to update their browsers, "log out of and back into every email and social media service you have" and change all passwords.
What part of Iran is Oregon in?

Cold war over.
Cyber war is all the rage.

This advice will please my team of carrier pigeons
He advised users who wanted to be certain of secure communication with the government to return to using pen and paper.
Don't frighten Nooby unnecessarily
I already set up the 'paranoia for beginners' thread for a bit of voluntary fear quaking . . .
http://www.murga-linux.com/puppy/viewto ... 158#398158
Puppy Raspup 8.2Final 8)
Puppy Links Page http://www.smokey01.com/bruceb/puppy.html :D

8-bit
Posts: 3406
Joined: Wed 04 Apr 2007, 03:37
Location: Oregon

#3 Post by 8-bit »

If you read between the lines, and are a bit paranoid, you could assume the hackers did not stop with just their own country of Iran.

It is what they don't tell you that can hurt.

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#4 Post by nooby »

In a statement Monday, the Dutch Justice Ministry published a list of the fraudulent certificates that greatly expands the scope of the July hacking attack that DigiNotar first acknowledged last week.

The list includes sites operated by Yahoo, Facebook, Microsoft, Google, Skype, AOL, Mozilla, TorProject, and WordPress, as well as spy agencies including the CIA, Israel's Mossad and Britain's MI6.

DigiNotar is one of many companies which sell the security certificates widely used to authenticate websites and guarantee that communications between a user's browser and a website are secure.
I hope those who care for internet security then try to do something about it?
I use Google Search on Puppy Forum
not an ideal solution though

Sylvander
Posts: 4416
Joined: Mon 15 Dec 2008, 11:06
Location: West Lothian, Scotland, UK

#5 Post by Sylvander »

8-bit wrote:It is what they don't tell you that can hurt.
Quite so!

I've seen it said that "the greatest victories are those no-one knows about". :(

OK for the victor; what about the vanquished?

When there are winners, others must lose.

Do we really need "winners and losers"?

The "System" tells us we do.

russoodle
Posts: 707
Joined: Fri 12 Sep 2008, 17:36
Location: Down-Under in South Oz

#6 Post by russoodle »

Am I missing something? Posted 31st December, 1969??

:?
The mud-elephant, wading thru the sea, leaves no tracks..

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#7 Post by nooby »

Yes, but they care about us, so they updated it yesterday to make it more up to date, as we say in Sweden. :)
I use Google Search on Puppy Forum
not an ideal solution though

russoodle
Posts: 707
Joined: Fri 12 Sep 2008, 17:36
Location: Down-Under in South Oz

#8 Post by russoodle »

nooby wrote:Yes, but they care about us, so they updated it yesterday to make it more up to date, as we say in Sweden. :)
It's all too much for my tiny mind, Noob...this all happened back in 1969 and I'm only catching up now because the article's been updated..? :shock:

There must be a dirty word or two in there somewhere, so I'm going to go wash my mouth out with chocolate :D
The mud-elephant, wading thru the sea, leaves no tracks..

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#9 Post by nooby »

I trust they wrote the wrong date there. Iran did not have such hackers back in 1969. :)
I use Google Search on Puppy Forum
not an ideal solution though

8-bit
Posts: 3406
Joined: Wed 04 Apr 2007, 03:37
Location: Oregon

#10 Post by 8-bit »

The link I gave was found by doing a quick search on the web.
It is not the original article that was part of Google News.
That article was done by someone else.
But as more people start using Linux, hackers will target it also.

I do not think there is a safe place to protect your data.
Some say put it on paper.
Then I guess you get a shotgun and stand alert for break-in attempts by burglars.
Barry can tell you about having data in your own home getting stolen.

With banking transactions, some say not to use the computer and do your transactions at the bank.
The problem with that is that they use a computer to record your transactions, and a hack of that banking division would lay bare your banking data.

So you do the best you can to protect your data and hope it stays safe.
EDIT:
For your information go to http://bkhome.org/blog/?viewDetailed=02465 and read the comment by Jota.
It appears that a bug fix update of SeaMonkey has been released that takes care of the fake security certificates.

pemasu
Posts: 5474
Joined: Wed 08 Jul 2009, 12:26
Location: Finland

#11 Post by pemasu »


8-bit
Posts: 3406
Joined: Wed 04 Apr 2007, 03:37
Location: Oregon

#12 Post by 8-bit »

But did you know that DigiNotar's parent company is located in Chicago in the good old USA?
Also, it seems some hacker is pissed off and threatening to distribute fake security certificates to other sites and possibly in other countries.

Firefox, SeaMonkey, Opera, Google Chrome, and IE have all distributed updates to address this. So it has the possibility of not being confined to just one country.

Apple's Safari browser evidently has not got an update yet.
Also, AVG Internet Security has updated pertaining to this.

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#13 Post by nooby »

One would need to know, then, which version of Firefox will get the more protective patch they make?

Why does one need certificates? Oh sorry, I guess it is https, and the s means secure, and to make it secure they use a certificate stating that it is secure?

So in what other way can one know if it is a man-in-the-middle thing one has been a victim of?

Would it help to know the number of the site and not use DNS at all? One always looks up on the HDD what real number Google Gmail has, and that way one is one's own DNS and doesn't rely on any certification?
I use Google Search on Puppy Forum
not an ideal solution though

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#14 Post by nooby »

How does one know which SSL certificate one has?

I have always used this to go into my webmail for Google:

mail.google.com or www.google.com/mail and both of them worked.

Now Gmail at Google has suddenly changed to

accounts.google.com/ and the passwords that Firefox has saved do not get activated due to the changed first word there.

Could that be a man-in-the-middle something?


Read here
http://nakedsecurity.sophos.com/2011/08 ... n-5-weeks/
Update 2: Google is following Mozilla's lead by marking DigiNotar untrusted in the next release of the Chrome OS (Chromium).

Original post: Reports surfaced this morning that accuse the government of Iran with trying to perform a man-in-the-middle attack against Google's SSL services. ...
The certificate in question was issued on July 10th by Dutch SSL certificate authority DigiNotar. DigiNotar revoked the certificate today at 16:59:03 GMT, but many browsers do not check for revoked certificates by default. ...
So I need to learn more about this "many browsers do not check for revoked certificates by default. ..."

Does my FF do that? I have no idea!

Next text.
Last March ComodoHacker claimed responsibility for the first attack against a certificate authority that resulted in bogus SSL certificates being issued in the wild.

In addition to claiming his attacks are far more sophisticated than Stuxnet and distancing himself from the Iranian government, he also claims to have compromised four other certificate authorities, including GlobalSign.

GlobalSign, the fifth largest certificate issuer according to NetCraft, responded to this news by immediately ceasing any further signing of certificates while they investigate.

Their response is interesting. While we don't know if they have been compromised (and arguably, neither do they) they are making a tough choice that is what we should expect from organizations whose business models rely on trust.
From here
http://nakedsecurity.sophos.com/2011/09 ... an-hacker/

One can read about revoking here
http://nakedsecurity.sophos.com/2011/03 ... -we-trust/
Comodo has already revoked the 9 fraudulent certificates. The revoked certificate serial numbers are published in Comodo's Certificate Revocation List (CRL), which can be manually imported and consumed on most platforms; on Windows via certmgr.msc, on OSX via KeyChain, or directly into some browsers, like Firefox.

Enabling certificate revocation checking in your browser is also advisable, not only for this particular issue, but to benefit from past and future revocation information as well.


So how do I do such things?
I use Google Search on Puppy Forum
not an ideal solution though
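
An added example, not part of any post in this thread: one way to see which certificate a site presents and to run the two checks discussed above, a lookup of its serial number in a revocation list and a check for an issuer that has been marked untrusted. It uses only the Python standard library; the serial numbers and hostnames are constructed placeholders, and `fetch_cert`, `issuer_org` and `assess` are hypothetical helper names.

```python
import hashlib
import socket
import ssl

# Constructed sample data (not real values): serials as they would be read from
# a CA's published CRL, and issuer organisations the user no longer trusts.
REVOKED_SERIALS = {"0A1B2C3D4E5F", "00FFEE112233"}
DISTRUSTED_ISSUERS = {"DigiNotar"}


def fetch_cert(host, port=443, timeout=10):
    """Connect with normal chain and hostname validation.
    Returns (parsed certificate dict, SHA-256 fingerprint of the DER bytes)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
            return tls.getpeercert(), hashlib.sha256(der).hexdigest()


def issuer_org(cert):
    """Extract organizationName from the nested issuer tuples of getpeercert()."""
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key == "organizationName":
                return value
    return None


def assess(cert, revoked=REVOKED_SERIALS, distrusted=DISTRUSTED_ISSUERS):
    """Return the reasons not to trust this certificate (empty list: none found)."""
    findings = []
    # Compare serials case-insensitively and without leading zeros.
    serial = cert.get("serialNumber", "").upper().lstrip("0")
    if serial and serial in {s.upper().lstrip("0") for s in revoked}:
        findings.append("serial is on the revocation list")
    org = issuer_org(cert)
    if org in distrusted:
        findings.append(f"issued by distrusted CA: {org}")
    return findings


# Constructed certificate dicts in the format getpeercert() returns.
SAMPLE_BAD = {
    "subject": ((("commonName", "mail.example.test"),),),
    "issuer": ((("countryName", "NL"),), (("organizationName", "DigiNotar"),)),
    "serialNumber": "0a1b2c3d4e5f",
}
SAMPLE_OK = {
    "subject": ((("commonName", "mail.example.test"),),),
    "issuer": ((("organizationName", "Example Trust Services"),),),
    "serialNumber": "7788",
}
```

For a live site, `cert, fingerprint = fetch_cert("mail.google.com")` followed by `assess(cert)` applies the same checks to the certificate actually presented; the fingerprint can be compared with one obtained over a different network.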
