Last year, as we considered possible future threats, one of our predictions for 2011 was that the use of stolen digital certificates would become increasingly common. We envisioned malicious websites and applications being signed using stolen digital certificates and validated by products and applications that fail to keep up to date with these events. It appears that our predictions are becoming a reality as we begin to see more and more cases of stolen certificates.
Recently, certificates belonging to a Certification Authority by the name of DigiNotar were stolen. These were used to issue hundreds of certificates, among them a certificate for the domain *.google.com, which was used to execute Man-in-the-Middle attacks against users of encrypted Google services.
M86 Security has issued a Security Update for our Secure Web Gateway product, moving the five stolen root certificates to the untrusted list:
- DigiNotar Root CA
- DigiNotar Root CA G2
- DigiNotar PKIoverheid CA Overheid
- DigiNotar PKIoverheid CA Organisatie – G2
- DigiNotar PKIoverheid CA Overheid en Bedrijven
Given that some of these certificates are already being used in active attacks, customers are strongly advised to install this update (M86 Security Update 120).
With the update installed, Secure Web Gateway clients will be protected against malicious files signed with certificates issued by this Certification Authority in an attempt to appear legitimate, as well as against Man-in-the-Middle attacks on users of various encrypted services. Both will be blocked for a digital certificate violation.
To verify that the update has been installed and to observe the changes to Secure Web Gateway’s digital certificates, customers may inspect the product’s web administration interface under Administration > System Settings > Digital Certificates. Here customers will see the certificates removed from the “M86 Security Trusted Root CA”, which can now be found under “M86 Security Untrusted Publishers”.
M86 Security will continue to keep track of the situation and take actions as necessary to keep our customers safe.