Technology Advisor Blog

Fake SSL Certificates - The Latest Security Threat

Posted by Ann Westerheim on 9/7/11 3:26 PM

It seems there's always a new computer threat to watch out for, and the most recent breach in the news is really scary. The Dutch Certificate Authority (CA) DigiNotar was recently hacked, and as a result fake SSL security certificates were issued. This is the Internet equivalent of impersonating a police officer. We're all taught to be careful on the web and to look for an https (Hypertext Transfer Protocol Secure) connection so we know we're safe when transmitting data. But when the certificate itself is fake, we can easily be fooled.

With a fake SSL certificate, you're vulnerable to what's known as a man-in-the-middle (MITM) attack. You think you have a secure connection when logging on to Google mail, your bank, or other sites, but because the certificate itself is fake, all your transmissions can be intercepted. We rely on SSL encryption to scramble our communications, but in this case they are wide open to the hackers.

Microsoft effectively activated a "kill switch" yesterday to ban all use of DigiNotar certificates. If you haven't updated your system with Microsoft updates, do it now. The reference knowledgebase article is KB2607712 - http://support.microsoft.com/kb/2607712. All the major browsers have also blocked DigiNotar certificates. When the trusted authorities can no longer be trusted, who can you trust? Stay alert!
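To confirm that a machine no longer trusts the compromised CA, the check below scans a certificate store for any entry whose subject or issuer names DigiNotar. It is an added example, not part of the original post or any vendor tool; the function names and the sample entries are constructed for illustration, and it assumes the store is read through Python's standard `ssl` module.

```python
import ssl

# Substrings of CA names to distrust; DigiNotar is the CA named in the post.
DISTRUSTED = ("diginotar",)

def name_fields(rdns):
    """Flatten the ssl module's nested RDN tuples into (key, value) pairs."""
    return [(key, value) for rdn in rdns for (key, value) in rdn]

def find_distrusted(ca_certs, needles=DISTRUSTED):
    """Return entries whose subject or issuer names a distrusted CA.

    ca_certs uses the format returned by ssl.SSLContext.get_ca_certs().
    """
    hits = []
    for cert in ca_certs:
        fields = name_fields(cert.get("subject", ())) + name_fields(cert.get("issuer", ()))
        names = [v.lower() for k, v in fields if k in ("organizationName", "commonName")]
        if any(n in name for n in needles for name in names):
            hits.append(cert)
    return hits

def audit_local_store():
    """Scan the CA certificates Python loads by default on this machine."""
    return find_distrusted(ssl.create_default_context().get_ca_certs())

def _name(org, cn):
    # Helper for building constructed sample names in the ssl module's layout.
    return ((("organizationName", org),), (("commonName", cn),))

# Constructed sample entries for illustration; not real certificates.
SAMPLE_STORE = [
    {"serialNumber": "01", "subject": _name("DigiNotar", "Sample Root"),
     "issuer": _name("DigiNotar", "Sample Root")},
    {"serialNumber": "02", "subject": _name("Example Trust", "Example Root"),
     "issuer": _name("Example Trust", "Example Root")},
    # An intermediate whose own name looks harmless but was issued by the bad CA.
    {"serialNumber": "03", "subject": _name("Example Org", "Example Issuing CA"),
     "issuer": _name("DigiNotar", "Sample Root")},
]

if __name__ == "__main__":
    for cert in audit_local_store():
        print("still trusted:", dict(name_fields(cert["subject"])), cert.get("serialNumber"))
```

An empty result covers only the store that Python's `ssl` module loads; a browser that keeps its own certificate store has to be checked separately.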

Tags: computer security, fraudulent SSL certificates, Microsoft Updates
