The Latest in IT Security

DigiNotar CA compromise

31
Aug
2011

SSL certificates are used to validate the identity of a website to users. Over the weekend, it was found that DigiNotar, a Dutch Certificate Authority, had issued a rogue SSL certificate for *.google.com. Today, this was confirmed by DigiNotar in a press release.

According to DigiNotar’s own investigation, they found out that they were compromised on July 19, 2011, and several rogue SSL certificates had been issued including the one to *.google.com. All the other ones were revoked, but for some reason, DigiNotar missed revoking the one issued for Google’s domain. Why is this important? With the rogue certificate issued by a trusted CA, it’s possible to do Man-in-the-Middle attacks and listen in to any traffic going to Google’s services, such as Google Mail, Google Docs, Google Plus, and Google Apps, without any visible warnings to users.

Websense products

If you have SSL Inspection enabled in Websense Web Security Gateway (Anywhere) solutions and have the Certificate Validation Engine enabled, you will already have the revoked certificates downloaded and installed.

If you want to follow Microsoft and Firefox and disable trust for DigiNotar’s Root CA, we do offer that option as well.

  1. Open up the Administration UI for Websense Content Gateway (https://123.123.123.123:8081 by default)
  2. Go to Configure -> SSL -> Certificates
  3. Scroll down and select DigiNotar Root CA and “Click to change status to Deny

 

Leave a reply


Categories

THURSDAY, MARCH 28, 2024
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments