Talks, discussion (popular science) - 02myCondHum02_2011Sep. Cryptocat. Cryptocat. Israel: J14hackers build SMS-Twitter Gateway for Protests. IT - מוקד הודעות ה-SMS של מחאת האוהלים עלה לאוויר. FreedomBox Foundation, une initiative pour communiquer sur internet malgré la censure. Iran: Protect Iranian Users. The DigiNotar Debacle, and what you should do about it | The Tor Blog - 2011-08-31. The DigiNotar Debacle, and what you should do about it. Recently it has come to the attention of, well, nearly the entire world that the Dutch Certificate Authority DigiNotar incorrectly issued certificates to a malicious party or parties.
Even more recently, it's come to light that they were apparently compromised months ago or perhaps even in May of 2009 if not earlier. This is pretty unfortunate, since correctly issuing certificates is exactly the function that a certificate authority (CA) is supposed to perform. By comparison, ComodoGate looks fairly minor. This incident doesn't affect the functionality of Tor clients or the Tor Network itself, since Tor doesn't use the flawed CA system. The Tor network uses a much simpler and flatter trust design that protects us from many of these CA issues.
Further, Tor's distributed-trust design limits the damage from compromise of any given network component. The attack In the last seventy-two hours we were working to find positive confirmation that The Tor Project was one of the targeted groups. Man in Middle Attacks Dangerous in Iran – Part 2. UPDATE: Google and Mozilla have revoked more than 200 security certificates as a result of a hack into the accounts of certificate authority, DigiNotar.
WARNING: Tor, Yahoo, and Mozilla were among the targets. WHAT THIS MEANS: If you are in using Tor software downloaded after July 9, it might be compromised. Users of confirmed versions of Tor should not have been effected. (Read more on the Tor Blog.) If you have not checked the signature of Tor to ensure that it is authentic, now is the time to do so. A few days ago, Arseh Sevom reported on compromised security for users in Iran. Now it has been revealed that over 200 hacked certificates are in use. A hack-free site or application is the holy grail of internet security. On July 19th, DigiNotar discovered the hack. The certificate in the name of Google was used by several Internet Service Providers (ISPs) in Iran, suggesting that whoever hacked DigiNotar was affiliated with the government or a powerful organization.
The Tor Blog.