cryptocat The DigiNotar Debacle, and what you should do about it Recently it has come to the attention of, well, nearly the entire world that the Dutch Certificate Authority DigiNotar incorrectly issued certificates to a malicious party or parties. Even more recently, it's come to light that they were apparently compromised months ago or perhaps even in May of 2009 if not earlier. This is pretty unfortunate, since correctly issuing certificates is exactly the function that a certificate authority (CA) is supposed to perform. By comparison, ComodoGate looks fairly minor. This incident doesn't affect the functionality of Tor clients or the Tor Network itself, since Tor doesn't use the flawed CA system. But the incident does affect users that are attempting to reach The Tor Project's infrastructure: with one of these bogus certificates, an attacker could convince your browser that you were talking to The Tor Project website, when really you were talking to the attacker. The attack "What I can say is the following " ... The defense What you should do
Man in Middle Attacks Dangerous in Iran – Part 2 UPDATE: Google and Mozilla have revoked more than 200 security certificates as a result of a hack into the accounts of certificate authority, DigiNotar. WARNING: Tor, Yahoo, and Mozilla were among the targets. WHAT THIS MEANS: If you are in using Tor software downloaded after July 9, it might be compromised. Users of confirmed versions of Tor should not have been effected. A few days ago, Arseh Sevom reported on compromised security for users in Iran. Now it has been revealed that over 200 hacked certificates are in use. A hack-free site or application is the holy grail of internet security. On July 19th, DigiNotar discovered the hack. The certificate in the name of Google was used by several Internet Service Providers (ISPs) in Iran, suggesting that whoever hacked DigiNotar was affiliated with the government or a powerful organization. “This is a complex and elaborate hack. In a sense, this access was like a signed blank check for the hackers. The Tor Blog Similar Posts: