A Saga DigiNotar

Google, Mozilla and Microsoft ban the DigiNotar Certificate Authority in their browsers
Zero Day


"According to multiple blog posts, Google, Mozilla and Microsoft have already banned the DigiNotar Certificate Authority in their browsers. This preemptive move comes as a direct response to the mess that DigiNotar created by issuing over 200 rogue certificates for legitimate web sites and services — see a complete list of the affected sites and services.

Earlier this week, Google reported of attempted man-in-the-middle attacks executed against Google users, and most recently, TrendMicro offered insights into a large scale spying operation launched against Iranian web users.

(...)

Meanwhile, the Dutch government issued a statement saying that it “cannot guarantee the security of its own websites” and is “taking over the company’s (DigiNotar) operations.” “the user of government sites no longer has the guarantee … that he is on the site where he wanted to be,” Interior Minister Piet Hein Donner said at a pre-dawn press conference.

Moreover, Illinois-based VASCO, which owns the Dutch-based DigiNotar issued the following statement: DigiNotar detected an intrusion into its Certificate Authority (CA) infrastructure, which resulted in the fraudulent issuance of public key certificate requests for a number of domains, including Google.com.

(...)