Archive for 2011/09/04

DigiNotar Update: Possibly more than 447 SSL-Certificates forged. Company expected to file a criminal complaint on Monday

Posted: 2011/09/04 in Cybercrime, Education / Awareness, Network Security, Privacy / Data Protection, Public Policy

Marietje Schaake, Member of the European Parliament, has labeled the situation as “completely unacceptable”.

“It’s unacceptable that companies in the EU support oppressive regimes, intentionally or not”

Dutch language article:
http://www.nu.nl/internet/2606822/diginotar-hack-ondermijnt-windows-beveiliging.html 

Dutch media: DigiNotar hackers also compromised Windows Update domain certificates

Posted: 2011/09/04 in Cybercrime, Education / Awareness, Network Security, Privacy / Data Protection

CN=*.windowsupdate.com
CN=www.update.microsoft.com

Dutch language news article:
http://www.nrc.nl/nieuws/2011/09/04/gratis-e-maildiensten-cia-mossad-en-oppositie-doelwit-iraanse-hack/

Possibly connection between DigiNotar hack and Comodo hack earlier this year

Posted: 2011/09/04 in Cybercrime, Education / Awareness, Network Security, Privacy / Data Protection, Stats / reports

Mikko Hypponen notes the following:

There’s a possible message in the rogue certificates that might link Diginotar breach to the Comodo / InstantSSL breach in March. 

From “Comodo Hacker” in March: http://pastebin.com/74KXCaEZ – Look at the ending. One of the Diginotar certs was for JanamFadayeRahbar.com

and:

Diginotar hacker created a certificate for the website of another CA: startssl.com. If I were them, I’d check my system carefully.

http://twitter.com/#!/mikkohypponen

About the Comodo hack incident:
http://www.comodo.com/Comodo-Fraud-Incident-2011-03-23.html
http://blogs.comodo.com/it-security/data-security/the-recent-ra-compromise/

Jacob Appelbaum: The worst about these certs? The attackers got *.*.com and *.*.org from Koninklijke Notariele Beroepsorganisatie CA

Posted: 2011/09/04 in Cybercrime, Education / Awareness, Network Security, Privacy / Data Protection

http://twitter.com/#!/ioerror/status/110387909890285568

Now we know why the Dutch Secret Service is investigating the DigiNotar hack attack: The hackers have also forged DigiNotar SSL-certificates for domains belonging to the CIA, Mossad and MI6

Posted: 2011/09/04 in Cybercrime, Education / Awareness, Google, Network Security, Privacy / Data Protection, Public Policy

http://www.CIA.gov, *.mossad.gov.il, and http://www.sis.gov.uk

Verisign and Thawte certificates also compromised

Dutch language news article:
http://webwereld.nl/nieuws/107813/cia–mossad-en-mi6-doelwit-van-diginotar-hackers.html

More details and more affected domains here:
http://blog.gerv.net/2011/09/diginotar-compromise/
https://docs.google.com/spreadsheet/ccc?pli=1&key=0AtLNtYDDyKsudG1lc2xmRDZRNTBkdXR1M0gzelZ3MkE&hl=en_GB#gid=0 

Microsoft: We’re in the process of moving all DigiNotar CAs to the Untrusted Root Store which will deny access to any website using DigiNotar CAs

Posted: 2011/09/04 in Education / Awareness, Network Security, Privacy / Data Protection

http://twitter.com/#!/msftsecresponse/statuses/110168309600755712

Google: Our top priority is to protect the privacy and security of our users. Based on the findings and decision of the Dutch government, as well as conversations with other browser makers, we have decided to reject all of the Certificate Authorities operated by DigiNotar. We encourage DigiNotar to provide a complete analysis of the situation

Posted: 2011/09/04 in Education / Awareness, Google, Network Security, Privacy / Data Protection

http://googleonlinesecurity.blogspot.com/2011/08/update-on-attempted-man-in-middle.html

Music Industry Piracy Investigations has recruited a prominent figure to become the next General Manager of their organization. MIPI will be hoping that when ex-Microsoft director of intellectual property Vanessa Hutley starts work in a few days time, she’ll be more optimistic of winning the piracy fight than she was in 2008

Posted: 2011/09/04 in Copyright, Education / Awareness, Enforcement, Illegal File Sharing

Back then Hutley declared that it would “never” be possible to stop people obtaining pirated media from file-sharing sites.

http://torrentfreak.com/anti-piracy-outfit-recruits-microsoft-director-to-work-on-mission-impossible-110903/

German website creates two-click Like button, Facebook not amused – Heise has created a system where you need to enable the Facebook Like button on the German website before being able to use it

Posted: 2011/09/04 in Education / Awareness, Network Security, New Business Models, Privacy / Data Protection, Tech Evolution

http://www.zdnet.com/blog/facebook/german-website-creates-two-click-like-button-facebook-not-amused/3247

How a Despicable Computer Consultant Terrorized More than 100 People by Watching Their Every Move

Posted: 2011/09/04 in Cybercrime, Education / Awareness, Network Security, Privacy / Data Protection

http://gizmodo.com/5837152/how-a-despicable-computer-consultant-terrorized-more-than-100-people-by-watching-their-every-move

The decline and fall of TiVo and Media Center

Posted: 2011/09/04 in Education / Awareness, New Business Models, Tech Evolution

http://www.zdnet.com/blog/bott/the-decline-and-fall-of-tivo-and-media-center/3869

HTC’s Statement Regarding CIQ Data Collection (use of spying tool)

Posted: 2011/09/04 in Education / Awareness, Network Security, Privacy / Data Protection

http://www.xda-developers.com/android/htcs-statement-regarding-ciq-data-collection/