Security Alert: DigiNotar Issues Fraudulent Google.com Certificate–Instructions for How to Protect Yourself

A Gmail user from Iran has discovered what appears to be a fraudulent SSL certificate for *.google.com. The certificate was issued by DigiNotar, a certificate authority from the Netherlands, on July 10, 2011. What does this mean? The Register explains it best for non-Internet security folks, but in a nutshell, it allows the holder of this certificate to masquerade as Google. Used for malicious purposes, they could redirect your browser and phish away your Google account credentials, gaining access to your Google Plus, Gmail, Google Shopping, Google Docs and other Google-based service accounts. Or they could simply intercept data that you are sending to Google, eavesdrop on all your communications (including personal information and login information) and send it along, all without you knowing.

Update: A Microsoft Security Advisory (2607712) indicates that the DigiNotar certificate has been removed from the Microsoft Certificate Trust List, meaning that all Windows Vista and Windows 7 systems will be protected. No further action should be necessary. Windows XP and Windows Server 2003 users should keep an eye out for an update, or follow the directions below.

Mac users: Follow these instructions to remove DigiNotar from your keychain.

The powers that be have already leaped into action, and the certificate has been added to the certificate revocation list (CRL). This means that if you attempt to browse one of these phony redirected sites, you should be alerted that something is afoot. Mozilla will be releasing updates to Firefox, Thunderbird, and SeaMonkey that will revoke trust in DigiNotar, effectively protecting users from this particular security compromise. In the meantime, you can manually revoke the DigiNotar root in Firefox (see instructions below).

The latest version of Google Chrome should also be protected from the fraudulent certificate from DigiNotar, though there are measures you can take to make double-sure. Instructions below.

The first thing you should do is ensure that you have the latest version of whichever browser you are using. Get it here:

Securing Internet Explorer and Google Chrome from the Fake DigiNotar Certificate

These steps will add the phony certificate to your system as an Untrusted Certificate. This will affect both Internet Explorer and Chrome.

Step 1

Open up Notepad.exe.

Step 2

Go to http://pastebin.com/raw.php?i=ff7Yg663 and copy the text between the words BEGIN CERTIFICATE and END CERTIFICATE. Paste it into Notepad.

Or, just copy and paste it from here:
You can also just download the .cer file directly from us.

Step 3

Save it with a .cer extension. Not as a .txt file. Use something like badcert.cer.

(Image: the icon of the saved .cer file in Windows 7.)

Step 4

Open Control Panel and go to Internet Options. Click the Content tab. Click Certificates.

Step 5

Click the right-arrow along the top till you see Untrusted Publishers. Click Import.

Step 6

Browse to your badcert.cer file and import it.

Step 7

Place it in Untrusted Certificates. Click Next until complete.

Step 8

You’ll see DigiNotar’s certificate near the top.
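
Steps 3 through 8 can also be done from a PowerShell prompt. The script below is an added example, not part of the original instructions: it checks that the saved file really is a DigiNotar-issued google.com certificate before placing it in the current user's Untrusted Certificates store. The file name badcert.cer comes from Step 3; the subject and issuer patterns are assumptions based on the description at the top of this article.

```powershell
# Added example: scripted form of Steps 3-8 (not from the original article).
# Assumes the certificate text was saved as badcert.cer in the current folder.
param(
    [string]$Path = ".\badcert.cer"
)

$ErrorActionPreference = "Stop"

# Load the saved file. This fails if Notepad saved it as badcert.cer.txt
# or if the certificate text was pasted incompletely.
$full = (Resolve-Path $Path).Path
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $full

# Show what is about to be distrusted.
$cert | Format-List Subject, Issuer, NotBefore, NotAfter, Thumbprint

# Assumed patterns: the article describes a *.google.com certificate issued
# by DigiNotar. Refuse to import anything else.
if ($cert.Issuer -notlike "*DigiNotar*" -or $cert.Subject -notlike "*google.com*") {
    throw "Not a DigiNotar-issued google.com certificate; nothing imported."
}

# "Disallowed" is the store the certificate dialog shows as Untrusted Certificates.
# "CurrentUser" matches the Internet Options dialog and needs no elevation.
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store("Disallowed", "CurrentUser")
$store.Open("ReadWrite")
try {
    $store.Add($cert)

    # Step 8: confirm the entry is now present in the store.
    $found = $store.Certificates | Where-Object { $_.Thumbprint -eq $cert.Thumbprint }
    if (-not $found) { throw "Import did not take effect." }
    "Added to Untrusted Certificates: $($cert.Thumbprint)"
}
finally {
    $store.Close()
}
```

To cover every account on the machine, run it from an elevated prompt with "LocalMachine" in place of "CurrentUser".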

Securing Mozilla Firefox from the Fraudulent DigiNotar Certificate

Mozilla has been totally awesome and on the ball here and has released official instructions for deleting the DigiNotar Certificate. Or, read on.

Step 1

Click the Firefox button or Tools and choose Options. Go to Advanced > Encryption and click View Certificates.

Step 2

Click Authorities and click the Certificate Name column to sort it alphabetically.

Step 3

Scroll down to DigiNotar Root CA. Select it and click Delete or Distrust.

Revoking DigiNotar Certificate in OS X

These steps are the equivalent of the above for IE / Chrome, but for OS X. After completing these steps, you’ll receive a warning whenever a website is certified by DigiNotar, even if it’s not the bogus one we’ve pointed out. That’s actually not a bad idea since DigiNotar’s involvement with this whole mess puts them on serious notice.

Step 1

Go to Applications and choose Utilities. Launch Keychain Access.

Step 2

In the Keychains pane, select System Roots.

Step 3

Find the DigiNotar entry on the right-hand pane.

Step 4

Click the i icon on the status bar for more information.

Step 5

Expand the Trust section. Under When using this certificate, change it to Never Trust. Enter your system password if prompted.

Conclusion

Hope these tips help all you groovyReaders stay safe! Let us know if you come across any other safety measures or have anything else to report.


1 Comment

  1. Amazing issues here. I am very happy to look your article. Thanks so much and I am looking ahead to contact you. Will you please drop me an e-mail?
