Linked by Thom Holwerda on Mon 5th Sep 2011 22:26 UTC
Privacy, Security, Encryption

So, people from within Iran have hacked the Dutch company DigiNotar, allowing them to issue fake certificates so they could listen in on Iranian dissidents and other organisations within Iran. This is a very simplified version of the story, since it's all quite complicated and I honestly don't even understand all of it. In any case, DigiNotar detected the intrusion July 19, but didn't really do anything with it until it all blew up in their face this past week. Now, the Dutch government has taken over operational management of DigiNotar... But as a Dutch citizen, that doesn't really fill me with confidence, because, well - whenever the Dutch government does anything even remotely related to IT technology, they mess it up. And mess it up bad.
Thread beginning with comment 488652
Lennie Member since:
2007-09-22

So I guess you also removed Comodo last time?

Too bad you can't use a quarter of the whole HTTPS sites on the internet.

You see, it isn't that simple. :-(

Reply Parent Score: 2

Alfman Member since:
2011-01-28

I didn't even know Comodo was hit.

http://www.infoworld.com/t/authentication/weaknesses-in-ssl-certifi...


You can't reasonably block them without breaking most HTTPS sites. If I'm not mistaken, Microsoft has also chosen them to do code signing certificates in Win Vista+.

Reply Parent Score: 2

Bill Shooter of Bul Member since:
2006-07-14

I was referring to a different use of HTTPS other than the www. Which, I'd prefer not to delve into. But rest assured Comodo is blacklisted as is DigiNotar. In fact, we're in the process of switching to our own white list, rather than the default ones you see in browsers.

But actually, I did personally remove it from all of my browsers. It hasn't been a problem yet. Are there any big sites that actually use Comodo as a cert? Most I see are GeoTrust, Verisign, Thawte, Net Sol, TrustWave.

Reply Parent Score: 2

LB06 Member since:
2005-07-06

So, what do you do when you need to electronically communicate with some websites that use a certificate signed by some CA you don't trust?

Reply Parent Score: 2