Hackers who broke into a "Dutch" web security firm DigiNotar, a subsidiary of Chicago-based Vasco Inc, have issued hundreds of bogus security certificates for spy agency websites including the CIA as well as for internet giants like Google, Microsoft and Twitter, the government said Monday.
DigiNotar is one of many companies which sell the security certificates widely used to authenticate websites and guarantee that communications between a user's browser and a website are secure.
Experts say they suspect the hacker — or hackers — operated with the co-operation of the Iranian government.
So far, only a handful of users in Iran are known to have been affected. In addition, the latest versions of browsers such as Microsoft's Internet Explorer, Google's Chrome and Mozilla's Firefox are now rejecting certificates issued by the firm that was hacked, DigiNotar.
But in a statement Monday, the Dutch Justice Ministry published a list of the fraudulent certificates that greatly expands the scope of the July hacking attack that DigiNotar first acknowledged last week. The list includes sites operated by Yahoo, Facebook, Microsoft, Google, Skype, AOL, Mozilla, TorProject, and WordPress, as well as spy agencies including the CIA, Israel's Mossad and Britain's MI6.
Gervase Markham, a Mozilla developer who has been involved in the response to the DigiNotar failure, warned Iranian internet users on Monday to update their browsers, "log out of and back into every email and social media service you have" and change all passwords.
Ot van Daalen director of Bits of Freedom, an online civil liberties group.said he believed the DigiNotar incident will ultimately lead to a reform of authentication technology.
Although no users in the Netherlands are known to have been victimized directly by the hack, it has caused a major headache for the Dutch government, which relied on DigiNotar for authentication of most of its websites.
For more: Hacked site issued bogus security certificates - Business - CBC News
No comments:
Post a Comment