Thursday, September 1, 2011

SSL Certificates Stolen

The issue of DigiNotar's breach keeps getting worse; Computer World writes that over 200 SSL certificates have been generated & stolen, signed for Google, Yahoo, Mozilla, Tor Project among many others.

Google & Mozilla have updated their browsers to remove the affected certificates/invalid signatures, but in the latest build of Chrome on Linux (13.0.782.218) I still see DigiNotar as a CA.

I suggest you delete DigiNotar from all your browsers as it's not worthy of trust at the moment. Remember, if you update your browser, double check its existence as it may be added again by the update.

No comments: