DigiNotar Hack Details

• A company spokesman said that “several dozen” certificates had been acquired by the attackers.
• The confirmed count of fraudulently-issued SSL (secure socket layer) certificates now stands at 531.
• The first known-bad certificate, for Google.com, was created by attackers on July 10, 2011. Between July 19 and July 29, DigiNotar began discovering bad certificates during routine security operations, and blocking them.
• But the attack didn’t come to light until August 27
• Comodohacker said the attack against DigiNotar was payback for the Srebrenica massacre.
• He also suggested that he wasn’t operating under the auspices of Iranian authorities, but that he may have given them the certificates.
• Comodohacker also posted additional proof that he had the private key for the invalid google.com certificate, by using it to sign a copy of calc.exe, a feature a regular website SSL certificate should not have.
• The DigiNotar hack has already had wide-ranging repercussions for the 9 million Dutch citizens–in a country with a population of 17 million–that use DigiD , a government website for accessing services, such as paying taxes.
• According to news reports, the country’s lawyers have been forced to switch to fax and mail, to handle many activities that were supported by an intranet.
• The Netherlands has also indefinitely extended the country’s tax deadline until DigiD can again be declared secure.
• Mozilla has made this public statement: “This is not a temporary suspension, it is a complete removal from our trusted root program.”. Such harsh action was taken because DigiNotar did NOT notify everyone when the breech was discovered.
• F-Secure Weblog says they were hacked by someone who was connected to “ComodoGate” — the hacking of another Certificate Authority earlier this year, by an Iranian attacker.

Removing the DigiNotar Root CA certificate : Ubuntu

Microsoft out-of-cycle patch to fix DigiNotar bogus certificates

Hacker claims to have compromised Other SSL Cert Authorities

• Soon after the Comodo forged certificates hack an Iranian using the handle Comodohacker posted a series of messages via Pastebin account providing evidence that he carried out the attack.

• The hacker boasted he still has access to four other (unnamed) “high-profile” CAs and retains the ability to issue new rogue certificates, including code signing certificates.

• ComodoHacker also claims to have compromised StartSSL, however issuance of invalid certificates was prevented by a policy change that required the CEO to manually offline approve each issued certificate. The HSM (Hardware Signing Module) being offline seems like the only way to be entirely sure that invalid certificates are not issued. A proper policy, more than just rubber stamping any certificate that doesn’t say google.com on it should be required.

• GlobalSign on Tuesday announced that it would temporarily cease issuing any new certificates.
  “GlobalSign takes this claim very seriously and is currently investigating,” according to a statement released by the company

• Is the fifth-largest CA

• GlobalSign Suspends Issuance of SSL Certificates

• BBC Article

DNS hack hits popular websites: Telegraph, Register, UPS, etc

• Further websites which have been affected by the DNS hack include National Geographic, BetFair, Vodafone and Acer.
• Instead of breaching the website itself, the hackers have managed to change the DNS records for the various sites affected.
• Because of the way that DNS works, it may take some time for corrected DNS entries for the affected websites to propagate worldwide – meaning there could be problems for some hours even after the fix.
• The attack was against the domain registrars Ascio and NetNames, both owned by the same parent company.
• Apparently the attacker managed to use an SQL injection attack to gain access to the domain accounts, and change the name servers.
• BBC Article

Feedback:

Home DNS Software:

• Simple DNS Plus
• DNSMasq
• OpenDNS
• B3 Server Review

A different kind of question for TechSNAP! : techsnap

Round-Up:

• Sex and Plugs and Geek Patrol
• EveryDNS/EditDNS Nameservers shutting down on Sep 9, 2011
• Facebook pays out $40K to hackers in three weeks
• Judge Decimates BitTorrent Lawsuit With Common Sense Ruling

Bitcoin-Blaster:

• The 800 pound gorilla in the room? The price of bitcoin is going down because miners are printing 50 BTC per 10 minutes
• Mt.Gox – FAKE!
• Bitcoin-wp-e-commerce
• Bitcoinica – Advanced Bitcoin Trading Platform
• Bitcoin Watch: $49,489,880 USD