
Home | Blogs | ceallaigh's blog

SSL Hack of Google - Please read, this may affect you.

Tech Speak

I've just learned via my Twitter feed that a certificate authority in the Netherlands issued a valid SSL wildcard certificate for Google to a third party in July, leading to concerns that attackers may have been using the certificate to route sensitive traffic through their own servers, capturing it and compromising user data in the process. Microsoft TechNet has issued an advisory about the certificate, and a Pastebin post of the SSL certificate alleges it was used by the Iranian government for man-in-the-middle attacks. Google has written about the attack on its blog, and PC World has provided an excellent overview of the problem.

Plain English

What this means is that a valid security certificate for Google, issued by DigiNotar, was released to a third party, making it possible for that third party to masquerade as Google and obtain sensitive user information such as usernames and passwords. Worse, the certificate was a wildcard, meaning it was valid for any Google domain. Google's above-referenced blog post asserts the attack was only focused on Iranian targets. However, the DigiNotar root certificate that vouches for it should be deleted or marked as untrusted on all computers while the investigation is ongoing.

What You Should Do

Delete the certificate. Here's how:

Linux Command Line: sudo rm -f /etc/ssl/certs/DigiNotar_Root_CA.pem (via @ioerror)

Firefox: Deleting the DigiNotar CA certificate

Safari: DigiNotar certificate security issue (via the Coriolis News blog and @ioerror)

Chrome: Deleting the DigiNotar Root CA in Google (This video begins badly, but stick with it. The image clears up.)

Microsoft indicates it has already removed DigiNotar as a trusted SSL certificate for all of its products.
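
To confirm the Linux removal took effect, the following added example (not part of the original post) scans a trust directory for any certificate that still names DigiNotar, including copies inside a concatenated bundle file. The default directory /etc/ssl/certs comes from the command above; the function names and the plain byte search for the name are assumptions of this sketch.

```python
import base64
import os
import re

# Matches every PEM certificate block, so multi-certificate bundles are handled.
PEM_BLOCK = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def certs_naming(path, needle=b"DigiNotar"):
    """Return the positions of PEM blocks in `path` whose DER contains `needle`.

    Subject and issuer names are stored as readable strings inside the DER,
    so a byte search flags the root and anything issued under that name.
    """
    try:
        with open(path, "rb") as fh:
            data = fh.read()
    except OSError:
        return []  # dangling symlink, unreadable file, or a directory
    hits = []
    for index, match in enumerate(PEM_BLOCK.finditer(data)):
        try:
            der = base64.b64decode(match.group(1))
        except ValueError:
            continue  # damaged block, skip it
        if needle.lower() in der.lower():
            hits.append(index)
    return hits


def scan_trust_store(cert_dir="/etc/ssl/certs", needle=b"DigiNotar"):
    """Map each file in cert_dir that still carries a matching certificate
    to the positions of those certificates within the file."""
    findings = {}
    if not os.path.isdir(cert_dir):
        return findings
    for name in sorted(os.listdir(cert_dir)):
        path = os.path.join(cert_dir, name)
        hits = certs_naming(path, needle)
        if hits:
            findings[path] = hits
    return findings


if __name__ == "__main__":
    for path, hits in scan_trust_store().items():
        print(f"{path}: {len(hits)} match(es), resolves to {os.path.realpath(path)}")
```

An empty result means no file in the directory names DigiNotar any longer; a hit in a bundle file means applications that load the bundle still trust the certificate even though the single .pem file is gone.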
