Thursday, March 24, 2011

Be on the lookout for Rogue SSL Certs.

 Attacks can come from many different entry points. Trojan Downloaders, Phishing sites, usb worms, I am not going to name all the entry points attacks can come from. However today's topic will be on Fraud Certificates. Some of you may have already read about this story but I will give a quick overview.

 Someone got the passwords of one of Comodos trusted partners and bought the following domains:
• (3 certificates)
• "Global Trustee" 

 These Certs would normally be used to verify the sites identity to users. However they can also be used to reroute to a different URL or load you into a phishing site.

 Users of Firefox and IE 9 are already protected. Users of IE 8 will need to turn on "Check for Server Certificate revocation" in the settings. Microsoft has pushed out an update that will also remove privileges, you can get that by updating Windows through Windows Update.

 I also highly recommend you read these two other blog posts on the topic. I will keep y'all updated if new news breaks out:

 Sophos Article
 F-Secure Article


No comments:

Post a Comment