Thread: DigiNotar certificates

  1. #1
    Diamond Member AndyD's Avatar
    Join Date
    Jan 2010
    Cape Town
    Thanked 805 Times in 641 Posts

    DigiNotar certificates

    HTTPS is the secure protocol that banking and many other transactions are made across. Recently it's not been so secure, after DigiNotar, which is a Dutch company that issues certificates for secure keys, was hacked and the root certificate compromised.

    In layman's terms, HTTPS is designed to provide a secure and encrypted connection between you and, for example, your internet banking server. You have a key for the secure server which allows you access, and the certificate is the way of checking your key is genuine and untampered with. This ensures that your communications with the server cannot be intercepted by a 'man in the middle'. The hacking of DigiNotar has allowed 'man in the middle' attacks on secure connections of Google, Wordpress, Mozilla and The TOR Project, amongst others.

    The bad news is your browser hangs on to these root certificates for dear life, so if your certificate has been compromised you may need to dig it out manually using a tool supplied by your browser developers. Most browsers will address the issue with their next major update.

    It looks like this attack is a progression of the Comodohack attacker, who also claims to have compromised GlobalSign a while ago, and the motivation is political and not financial at the moment. That said, it's only a short step to other systems, including government communications, banking, online shopping etc., being insecure.

    This kind of action could also have further-reaching consequences than the fall in VASCO stock price that followed these incidents, if consumer trust in internet commerce sites takes a knock.
    I am special and so is Vanash.

  2. Thanks given for this post:

    Dave A (08-Sep-11)

  3. #2
    Site Caretaker Dave A's Avatar
    Join Date
    May 2006
    Durban, South Africa
    Thanked 2,397 Times in 2,004 Posts
    I would hope when it comes to the banks, they'd take quick action to correct the problem if their secure services become compromised.

    Many years ago one of the gateway payment operations I had used got hacked. The first I knew about it was when I got a call from Standard Bank card division telling me about it. Just to make sure, they had stopped my current credit card, and a new one would be at the bank within a couple of days.

    "We apologise for the inconvenience", they said.
    "No problem. Thank you for being on top of it" was my reply.

    So surely the banks would change their certificates in this situation.
    Perhaps even the certificate provider...

    Seeing opportunity changes nothing. Seizing opportunity and running with it changes lives.
