ID: IRCNE2011091238
Date: 2011-09-04
According to "computerworld", Hackers may have stolen more than 200 digital certificates from a Dutch company. The count is considerably higher than DigiNotar has acknowledged. Earlier this week they announced that "several dozen" certificates had been acquired by the attackers. "About 200 certificates were generated by the attackers," said Hans Van de Looy, principal security consultant and founder of Madison Gurka, a Dutch security company.
Among the certificates acquired by the attackers in a mid-July hack of DigiNotar, Van de Looy's source revealed, were ones valid for mozilla.com, yahoo.com and torproject.org. Tor is a system that lets people connect to the web anonymously.
Late on Tuesday, Mozilla shipped updates for Firefox 6 and Firefox 3.6 that added DigiNotar's root certificate to those browsers' blacklists. Google has updated Chrome 13 and Chrome 14 - the latter currently in beta testing - to do the same.
Meanwhile, Microsoft has nuked all DigiNotar certificates by adding the Dutch company's root to its list of banned certificates in Windows Vista, Windows 7, Server 2008 and Server 2008 R2.
Users running Windows XP or Server 2003, however, remain at risk; Microsoft said it would address those editions with a "future update" but did not set a timetable.
"Currently, investigators of the renowned company Fox-IT are investigating the servers of DigiNotar and their report will hopefully reveal additional information on the how, when and what of this significant event," said Van de Looy.
Related link:
Hackers acquired Google digital certificate
- 3