Security & Privacy + Software & Apps

DigiNotar Certificate Hack: What Happened and How

Posted on September 12th, 2011 by

The big news in the security industry in the past couple of weeks has been a hack of DigiNotar, a Dutch certificate authority. We reported on this in late August, and Apple issued a security update last week to fix the problem on Macs.

The New York Times has a detailed look at what happened and how. This was the work of a lone hacker, "Comodohacker," an Iranian who shared the results of his hack with others in Iran, leading to possibility that some Iranians had their e-mail compromised. Google advised Iranian Gmail users to change their passwords because of this breach.

The hacker took 10 days to get access to DigiNotar's servers, and created 531 fake certificates, for sites such as Google, Facebook and Skype, as well as the CIA, MI6 and Mossad. As the New York Times says, "He shared them with a person or organization believed to have had control over dozens of Internet service providers and university networks in Iran — perhaps the government itself."

If you're using a Mac, make sure to apply the latest security update so you can be protected from any possible bogus certificates you may encounter.

  • Anonymous

    Surprised that Apple took soooooo long to address this serious issue! But, then again, Apple has itself become so secretive about all matters; not the Apple I once knew any longer…

Join Our Awesome Email Newsletter

Enter your email address below to start receiving the best Mac Security Updates.

{"url":"\/marketo\/json\/add-to-newsletter","data":"list_name=Blog Roadblock"}