Hack Obtains 9 Bogus Certificates for Prominent Websites - ehMac.ca
Facebook
Twitter
YouTube
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read Advertise


Reply
 
LinkBack Thread Tools Display Modes
Old Mar 29th, 2011, 01:43 PM   #1
krs
Honourable Citizen
 
krs's Avatar
 
Join Date: Mar 2005
Location: Ontario and Quebec
Posts: 9,103
Hack Obtains 9 Bogus Certificates for Prominent Websites

Not Mac specific but it could definitely affect Mac users:

Hack Obtains 9 Bogus Certificates for Prominent Websites; Traced to Iran | Threat Level | Wired.com
krs is offline   Reply With Quote
Sponsored Links
Advertisement
 
Old Mar 29th, 2011, 01:50 PM   #2
Assured Advertiser
Honourable Citizen
 
CanadaRAM's Avatar
 
Join Date: Jul 2005
Location: Victoria BC
Posts: 3,895
Quote:
Originally Posted by krs View Post
Not Mac specific but it could definitely affect Mac users:

Hack Obtains 9 Bogus Certificates for Prominent Websites; Traced to Iran | Threat Level | Wired.com
The article states that Comodo revoked the certificates "within hours"
Which presumably means that this particular hack should affect nobody now, but may theoretically have during the period it was undetected.
CanadaRAM is offline   Reply With Quote
Old Mar 29th, 2011, 02:20 PM   #3
krs
Honourable Citizen
 
krs's Avatar
 
Join Date: Mar 2005
Location: Ontario and Quebec
Posts: 9,103
True enough -

What bothers me is that Comodo was unaware of the problem and only found out when another agency pointed it out to them.
I suppose there is no 100% security against hackers but one would hope that a site like Comodo should have at least a means to detect when it had been compromised.
krs is offline   Reply With Quote
 
Old Mar 29th, 2011, 10:44 PM   #4
Honourable Citizen
 
Atroz's Avatar
 
Join Date: Aug 2005
Location: Ottawa
Posts: 1,681
Quote:
Originally Posted by CanadaRAM View Post
The article states that Comodo revoked the certificates "within hours"
Which presumably means that this particular hack should affect nobody now, but may theoretically have during the period it was undetected.
Actually, you need to make sure that your browser actually checks for revoked certificates. If not, your browser will still be tricked.

See here for Safari configuration: The Mac Security Blog Protect Safari from Fraudulent Digital Certificates
__________________
'
"Do the Right Thing. It will gratify some people and astound the rest." - Mark Twain
Atroz is offline   Reply With Quote
Old Mar 29th, 2011, 11:09 PM   #5
krs
Honourable Citizen
 
krs's Avatar
 
Join Date: Mar 2005
Location: Ontario and Quebec
Posts: 9,103
Quote:
Originally Posted by Atroz View Post
See here for Safari configuration: The Mac Security Blog Protect Safari from Fraudulent Digital Certificates
Thanks, the check on Safari was turned off for me - I assume that is the default.
krs is offline   Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT -4. The time now is 01:34 AM.



Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2019, vBulletin Solutions, Inc.
vBulletin Security provided by vBSecurity v2.2.2 (Pro) - vBulletin Mods & Addons Copyright © 2019 DragonByte Technologies Ltd.
Copyright 1999 - 2012, ehMac.ca All rights reserved. ehMac is not affiliated with Apple Inc. Mac, iPod, iTunes, iPhone, Apple TV are trademarks of Apple Inc. Content Relevant URLs by vBSEO 3.6.0 RC 2

Tribe.ca: Urban living in Toronto!