Those using Safari on Mac OS X are still vulnerable to "man-in-the-middle" attacks using fraudulent security certificates that hackers generated from Dutch certificate authority DigiNotar. The problem lies in the way Mac OS X handles a new type of certificate called Extended Validation, or EV certificates. Fortunately, however, there is a relatively easy fix.
DigiNotar had been hacked earlier this week in order to generate hundreds of fake security certificates for numerous websites, including Google, Yahoo, and others. An Iranian hacker appears to have used the certificates for google.com to spy on Iraninan Gmail users' conversations.
Microsoft and Google revoked trust in certificates issued by DigiNotar, and Mozilla issued patches for Firefox and Thunderbird to no longer trust certificates from the company. These changes meant that Chrome, Internet Explorer, and Firefox users would no longer accept secure HTTPS connections from sites using DigiNotar issued certs.
No comments:
Post a Comment