A Gmail user from Iran has discovered what appears to be a fraudulent SSL certificate for *.google.com. The certificate was issued by DigiNotar, a certificate authority from the Netherlands, on July 10, 2011. What does this mean? The Register explains it best for non-security folks, but in a nutshell, it allows the holder of this certificate to masquerade as Google. Used for malicious purposes, it could be used to redirect your browser and phish away your Google account credentials, gaining access to your Google Plus, Gmail, Google Shopping, Google Docs and other Google-based service accounts. Or the holder could simply intercept data that you are sending to Google, eavesdrop on all your communications (including personal information and login information) and pass it along, all without you knowing.
Update: Microsoft Security Advisory (2607712) indicates that the DigiNotar certificate has been removed from the Microsoft Certificate Trust List, meaning that all Windows Vista and Windows 7 systems will be protected. No further action should be necessary. Windows XP and Windows Server 2003 users should keep an eye out for an update, or follow the directions below.
Mac users: Follow these instructions to remove DigiNotar from your keychain.
The powers that be have already leaped into action, and the certificate has been added to the certificate revocation list (CRL). This means that if you attempt to browse one of these phony redirected sites, you should be alerted that something is afoot. Mozilla will be releasing updates to Firefox, Thunderbird, and SeaMonkey that will revoke trust in DigiNotar, effectively protecting users from this particular security compromise. In the meantime, you can manually revoke the DigiNotar root in Firefox (see instructions below).
The latest version of Google Chrome should also be protected from the fraudulent certificate from DigiNotar, though there are measures you can take to make double-sure. Instructions below.
The first step is to make sure you have the latest version of whichever browser you are using. Get it here:
Securing Internet Explorer and Google Chrome from the Fake DigiNotar Certificate
These steps will add the phony certificate to your system as an Untrusted Certificate. This will affect both Internet Explorer and Chrome.
Open up Notepad.exe.
Go to http://pastebin.com/raw.php?i=ff7Yg663 and copy the text between the words BEGIN CERTIFICATE and END CERTIFICATE. Paste it into notepad.
Or, just copy and paste it from here:
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgIQBeLmpM0J6lTWZbB1/iKiVjANBgkqhkiG9w0BAQUFADBm
MQswCQYDVQQGEwJOTDESMBAGA1UEChMJRGlnaU5vdGFyMSEwHwYDVQQDExhEaWdp
Tm90YXIgUHVibGljIENBIDIwMjUxIDAeBgkqhkiG9w0BCQEWEWluZm9AZGlnaW5v
dGFyLm5sMB4XDTExMDcxMDE5MDYzMFoXDTEzMDcwOTE5MDYzMFowajELMAkGA1UE
BhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxFjAUBgNVBAcTDU1vdW50YWluIFZp
ZXcxFzAVBgNVBAUTDlBLMDAwMjI5MjAwMDAyMRUwEwYDVQQDEwwqLmdvb2dsZS5j
b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNbeKubCV0aCxhOiOS
CSQ/w9HXTYuD5BLKuiqXNw3setdTymeJz2L8aWOHo3nicFNDVwWTgwWomGNr2J6Q
7g1iINNSW0rR4E1l2szRkcnAY6c6i/Eke93nF4i2hDsnIBveolF5yjpuRm73uQQD
ulHjA3BFRF/PTi0fw2/Yt+8ieoMuNcMWN6Eou5Gqt5YZkWv176ofeCbsBmMrP87x
OhhtTDckCapk4VQZG2XrfzZcV6tdzCp5TI8uHdu17cdzXm1imZ8tyvzFeiCEOQN8
vPNzB/fIr3CJQ5q4uM5aKT3DD5PeVzf4rfJKQNgCTWiIBc9XcWEUuszwAsnmg7e2
EJRdAgMBAAGjggHMMIIByDA6BggrBgEFBQcBAQQuMCwwKgYIKwYBBQUHMAGGHmh0
dHA6Ly92YWxpZGF0aW9uLmRpZ2lub3Rhci5ubDAfBgNVHSMEGDAWgBTfM8Cvkv43
/LbYFhbQ2bGR1fpupTAJBgNVHRMEAjAAMIHGBgNVHSAEgb4wgbswgbgGDmCEEAGH
aQEBAQIEAQICMIGlMCcGCCsGAQUFBwIBFhtodHRwOi8vd3d3LmRpZ2lub3Rhci5u
bC9jcHMwegYIKwYBBQUHAgIwbhpsQ29uZGl0aW9ucywgYXMgbWVudGlvbmVkIG9u
IG91ciB3ZWJzaXRlICh3d3cuZGlnaW5vdGFyLm5sKSwgYXJlIGFwcGxpY2FibGUg
dG8gYWxsIG91ciBwcm9kdWN0cyBhbmQgc2VydmljZXMuMEkGA1UdHwRCMEAwPqA8
oDqGOGh0dHA6Ly9zZXJ2aWNlLmRpZ2lub3Rhci5ubC9jcmwvcHVibGljMjAyNS9s
YXRlc3RDUkwuY3JsMA4GA1UdDwEB/wQEAwIEsDAbBgNVHREEFDASgRBhZG1pbkBn
b29nbGUuY29tMB0GA1UdDgQWBBQHSn0WJzIo0eMBMQUNsMqN6eF/7TANBgkqhkiG
9w0BAQUFAAOCAQEAAs5dL7N9wzRJkI4Aq4lC5t8j5ZadqnqUcgYLADzSv4ExytNH
UY2nH6iVTihC0UPSsILWraoeApdT7Rphz/8DLQEBRGdeKWAptNM3EbiXtQaZT2uB
pidL8UoafX0kch3f71Y1scpBEjvu5ZZLnjg0A8AL0tnsereOVdDpU98bKqdbbrnM
FRmBlSf7xdaNca6JJHeEpga4E9Ty683CmccrSGXdU2tTCuHEJww+iOAUtPIZcsum
U7/eYeY1pMyGLyIjbNgRY7nDzRwvM/BsbL9eh4/mSQj/4nncqJd22sVQpCggQiVK
baB2sVGcVNBkK55bT8gPqnx8JypubyUvayzZGg==
-----END CERTIFICATE-----
You can also just download the .cer file directly from us.
Save it with a .cer extension, not as a .txt file. Use something like badcert.cer.
The icon looks like this in Windows 7:
Open Control Panel and go to Internet Options. Click the Content tab. Click Certificates.
Click the right arrow along the top until you see Untrusted Publishers. Click Import.
Browse to your badcert.cer file and import it.
Place it in Untrusted Certificates. Click Next until complete.
You’ll see DigiNotar’s certificate near the top.
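Before importing, it is worth confirming that the .cer file you saved really is the certificate described at the top of this post. The script below is an added example and is not code from the original post or from any of the browser vendors. Using only the Python standard library, it decodes the PEM text printed above, walks just enough of the DER structure to read the serial number, issuer, subject and validity period, and computes the SHA-1 fingerprint so the file can be compared against a copy from another source. The function names (describe_certificate, is_diginotar_issued) and the "issuer organisation is DigiNotar" check are my own choices; the certificate data is the one printed above.

```python
import base64
import hashlib
from datetime import datetime, timezone

# PEM body as printed on the page, line breaks restored, wrapped in standard PEM armor.
FAKE_GOOGLE_CERT_PEM = """-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgIQBeLmpM0J6lTWZbB1/iKiVjANBgkqhkiG9w0BAQUFADBm
MQswCQYDVQQGEwJOTDESMBAGA1UEChMJRGlnaU5vdGFyMSEwHwYDVQQDExhEaWdp
Tm90YXIgUHVibGljIENBIDIwMjUxIDAeBgkqhkiG9w0BCQEWEWluZm9AZGlnaW5v
dGFyLm5sMB4XDTExMDcxMDE5MDYzMFoXDTEzMDcwOTE5MDYzMFowajELMAkGA1UE
BhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxFjAUBgNVBAcTDU1vdW50YWluIFZp
ZXcxFzAVBgNVBAUTDlBLMDAwMjI5MjAwMDAyMRUwEwYDVQQDEwwqLmdvb2dsZS5j
b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNbeKubCV0aCxhOiOS
CSQ/w9HXTYuD5BLKuiqXNw3setdTymeJz2L8aWOHo3nicFNDVwWTgwWomGNr2J6Q
7g1iINNSW0rR4E1l2szRkcnAY6c6i/Eke93nF4i2hDsnIBveolF5yjpuRm73uQQD
ulHjA3BFRF/PTi0fw2/Yt+8ieoMuNcMWN6Eou5Gqt5YZkWv176ofeCbsBmMrP87x
OhhtTDckCapk4VQZG2XrfzZcV6tdzCp5TI8uHdu17cdzXm1imZ8tyvzFeiCEOQN8
vPNzB/fIr3CJQ5q4uM5aKT3DD5PeVzf4rfJKQNgCTWiIBc9XcWEUuszwAsnmg7e2
EJRdAgMBAAGjggHMMIIByDA6BggrBgEFBQcBAQQuMCwwKgYIKwYBBQUHMAGGHmh0
dHA6Ly92YWxpZGF0aW9uLmRpZ2lub3Rhci5ubDAfBgNVHSMEGDAWgBTfM8Cvkv43
/LbYFhbQ2bGR1fpupTAJBgNVHRMEAjAAMIHGBgNVHSAEgb4wgbswgbgGDmCEEAGH
aQEBAQIEAQICMIGlMCcGCCsGAQUFBwIBFhtodHRwOi8vd3d3LmRpZ2lub3Rhci5u
bC9jcHMwegYIKwYBBQUHAgIwbhpsQ29uZGl0aW9ucywgYXMgbWVudGlvbmVkIG9u
IG91ciB3ZWJzaXRlICh3d3cuZGlnaW5vdGFyLm5sKSwgYXJlIGFwcGxpY2FibGUg
dG8gYWxsIG91ciBwcm9kdWN0cyBhbmQgc2VydmljZXMuMEkGA1UdHwRCMEAwPqA8
oDqGOGh0dHA6Ly9zZXJ2aWNlLmRpZ2lub3Rhci5ubC9jcmwvcHVibGljMjAyNS9s
YXRlc3RDUkwuY3JsMA4GA1UdDwEB/wQEAwIEsDAbBgNVHREEFDASgRBhZG1pbkBn
b29nbGUuY29tMB0GA1UdDgQWBBQHSn0WJzIo0eMBMQUNsMqN6eF/7TANBgkqhkiG
9w0BAQUFAAOCAQEAAs5dL7N9wzRJkI4Aq4lC5t8j5ZadqnqUcgYLADzSv4ExytNH
UY2nH6iVTihC0UPSsILWraoeApdT7Rphz/8DLQEBRGdeKWAptNM3EbiXtQaZT2uB
pidL8UoafX0kch3f71Y1scpBEjvu5ZZLnjg0A8AL0tnsereOVdDpU98bKqdbbrnM
FRmBlSf7xdaNca6JJHeEpga4E9Ty683CmccrSGXdU2tTCuHEJww+iOAUtPIZcsum
U7/eYeY1pMyGLyIjbNgRY7nDzRwvM/BsbL9eh4/mSQj/4nncqJd22sVQpCggQiVK
baB2sVGcVNBkK55bT8gPqnx8JypubyUvayzZGg==
-----END CERTIFICATE-----"""

# Only the attribute types this certificate uses; anything else is shown as a dotted OID.
OID_NAMES = {"2.5.4.3": "CN", "2.5.4.6": "C", "2.5.4.7": "L", "2.5.4.10": "O",
             "2.5.4.5": "serialNumber", "1.2.840.113549.1.9.1": "emailAddress"}

def pem_to_der(pem):
    lines = [ln.strip() for ln in pem.splitlines() if ln.strip() and not ln.startswith("-----")]
    return base64.b64decode("".join(lines))

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element at pos (definite lengths only)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Yield (tag, value) for each element packed inside a SEQUENCE or SET."""
    pos = 0
    while pos + 2 <= len(value):
        tag, val, pos = read_tlv(value, pos)
        yield tag, val

def decode_oid(raw):
    parts, acc = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:                       # base-128 arcs, high bit = continuation
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            parts.append(acc)
            acc = 0
    return ".".join(map(str, parts))

def decode_name(name_val):
    """Flatten an X.501 Name (SEQUENCE OF SET OF AttributeTypeAndValue) into a dict."""
    out = {}
    for _, rdn in children(name_val):
        for _, atv in children(rdn):
            (_, oid), (_, val) = list(children(atv))
            out[OID_NAMES.get(decode_oid(oid), decode_oid(oid))] = val.decode("latin-1")
    return out

def describe_certificate(pem):
    """Pull serial, issuer, subject, validity and SHA-1 fingerprint out of a PEM certificate."""
    der = pem_to_der(pem)
    _, cert, _ = read_tlv(der, 0)           # Certificate ::= SEQUENCE { tbsCertificate, ... }
    _, tbs, _ = read_tlv(cert, 0)
    fields = list(children(tbs))
    if fields[0][0] != 0xA0:                # v1 certificates omit the [0] EXPLICIT version
        fields.insert(0, (0xA0, b""))
    # fields: version, serialNumber, signature, issuer, validity, subject, ...
    not_before, not_after = (datetime.strptime(v.decode(), "%y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)
                             for _, v in children(fields[4][1]))
    return {"serial": fields[1][1].hex(), "issuer": decode_name(fields[3][1]),
            "subject": decode_name(fields[5][1]), "not_before": not_before,
            "not_after": not_after, "sha1": hashlib.sha1(der).hexdigest()}

def is_diginotar_issued(info):
    """Flag anything issued under DigiNotar, matching the vendors' decision to distrust the CA outright."""
    return info["issuer"].get("O", "").lower() == "diginotar"

if __name__ == "__main__":
    info = describe_certificate(FAKE_GOOGLE_CERT_PEM)
    for key, value in info.items():
        print(f"{key:>10}: {value}")
    print("issued by DigiNotar:", is_diginotar_issued(info))
```

To check the file you saved, read badcert.cer into a string and pass it to describe_certificate instead of the embedded constant. If the issuer organisation is not DigiNotar, the subject CN is not *.google.com, or the notBefore date is not July 10, 2011, you have the wrong file. The same helper works on any certificate a browser warning shows you: as the vendors concluded, the thing to distrust is any issuer under DigiNotar, not just this one serial number.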
Securing Mozilla Firefox from the Fraudulent DigiNotar Certificate
Mozilla has been totally awesome and on the ball here and has released official instructions for deleting the DigiNotar Certificate. Or, read on.
Click the Firefox button or Tools and choose Options. Go to Advanced > Encryption and click View Certificates.
Click Authorities and click the Certificate Name column to sort it alphabetically.
Scroll down to DigiNotar Root CA. Select it and click Delete or Distrust.
Revoking DigiNotar Certificate in OS X
These steps are the equivalent of the above for IE / Chrome, but for OS X. After completing these steps, you’ll receive a warning whenever a website is certified by DigiNotar, even if it’s not the bogus one we’ve pointed out. That’s actually not a bad idea since DigiNotar’s involvement with this whole mess puts them on serious notice.
Go to Applications and choose Utilities. Launch Keychain Access.
In the Keychains pane, select System Roots.
Find the DigiNotar entry on the right-hand pane.
Click the i icon on the status bar for more information.
Expand the Trust section. Under When using this certificate, change it to Never Trust. Enter your system password if prompted.
Hope these tips help all you groovyReaders stay safe! Let us know if you come across any other safety measures or have anything else to report.