Re: [Fed-Talk] Apple's Rogue DigiNotar CA mitigation?
- Subject: Re: [Fed-Talk] Apple's Rogue DigiNotar CA mitigation?
- From: "Pike, Michael (IHS/HQ)" <email@hidden>
- Date: Wed, 31 Aug 2011 12:13:50 -0400
- Acceptlanguage: en-US
- Thread-topic: [Fed-Talk] Apple's Rogue DigiNotar CA mitigation?
Wow....
This is one of the reasons I love fedtalk - between all of us we are the definitive news source, I did not even know about this!!!
I hope Apple addresses it with a security patch and not an OS update... right now I am reluctant to install any Apple OS updates as they seem to break more than they fix with Lion.
On Aug 31, 2011, at 9:50 AM, Disiena, Ridley J. (GRC-VO00)[DB Consulting Group, Inc.] wrote:
Has anyone seen any Apple notification with regards to actions to be taken on iOS and OS X to mitigate the rogue DigiNotar CA incident this week?
Other companies have been quick to respond:
Mozilla Notice - http://blog.mozilla.com/security/2011/08/29/fraudulent-google-com-cer
Google Notice - http://googleonlinesecurity.blogspot.com/2011/08/update-on-attempted-man-in-middle.html
Microsoft Notice - http://www.microsoft.com/technet/security/advisory/2607712.mspx
Chromium Code added to address this: http://codereview.chromium.org/7791032/diff/2001/net/base/x509_certificate.cc
FYI: Command to remove the rogue DigiNotar Root CA certificate from OS-X System Roots via its SHA1 hash value:
sudo security delete-certificate -Z C060ED44CBD881BD0EF86C0BA287DDCF8167478C "/System/Library/Keychains/SystemRootCertificates.keychain"
Note: I believe iOS also has this Root CA included by default as well
- Ridley DiSiena CISSP
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden<mailto:email@hidden>)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
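Added example, not part of the original thread: a check for whether a certificate with the SHA-1 hash quoted above is still present, by parsing the output of `security find-certificate -a -Z`. The function names, the sample output and the second fingerprint are constructed for illustration, and the output layout (`SHA-1 hash:`, `keychain:`, `"labl"<blob>=` lines) is assumed to match what the `security` tool prints.

```shell
#!/usr/bin/env bash
# SHA-1 hash of the DigiNotar root as given in the message above.
DIGINOTAR_FP="C060ED44CBD881BD0EF86C0BA287DDCF8167478C"

# Normalise a fingerprint: drop colons/whitespace, upper-case the hex.
normalize_fp() {
    printf '%s' "$1" | tr -d ': \t\r\n' | tr '[:lower:]' '[:upper:]'
}

# Reads `security find-certificate -a -Z` output on stdin.
# Prints "<keychain path><TAB><label>" for every record whose SHA-1 hash
# matches $1. Exit status 0 if at least one match, 1 if none.
keychains_with_fp() {
    want=$(normalize_fp "$1")
    awk -v want="$want" '
        function emit() {
            if (hit) { print kc "\t" label; found = 1 }
            hit = 0; kc = ""; label = ""
        }
        /^SHA-1 hash:/ { emit(); hit = (toupper($3) == want); next }
        /^keychain:/   { kc = $0; sub(/^keychain: "/, "", kc); sub(/"$/, "", kc); next }
        /"labl"<blob>=/ { label = $0; sub(/^.*"labl"<blob>="/, "", label); sub(/"$/, "", label) }
        END { emit(); exit(found ? 0 : 1) }
    '
}

# Constructed sample of the tool output (two records, abbreviated attributes).
sample_output() {
    cat <<'EOF'
SHA-1 hash: C060ED44CBD881BD0EF86C0BA287DDCF8167478C
keychain: "/System/Library/Keychains/SystemRootCertificates.keychain"
class: 0x80001000
attributes:
    "labl"<blob>="DigiNotar Root CA"
SHA-1 hash: 0000000000000000000000000000000000000001
keychain: "/Library/Keychains/System.keychain"
class: 0x80001000
attributes:
    "labl"<blob>="Example Internal CA"
EOF
}

# Demo on the constructed sample. On a Mac, feed real output instead:
#   security find-certificate -a -Z <keychain> | keychains_with_fp "$DIGINOTAR_FP"
if sample_output | keychains_with_fp "$DIGINOTAR_FP"; then
    echo "certificate still present"
else
    echo "certificate not found"
fi
```

Running the same check before and after the `delete-certificate` command, and against each keychain in use, confirms whether the removal took effect.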