Re: [Fed-Talk] Apple's Rogue DigiNotar CA mitigation?
Re: [Fed-Talk] Apple's Rogue DigiNotar CA mitigation?
- Subject: Re: [Fed-Talk] Apple's Rogue DigiNotar CA mitigation?
- From: William Cerniuk <email@hidden>
- Date: Wed, 31 Aug 2011 14:07:24 -0400
Thank for checking David :-)
V/R,
Wm.
On Aug 31, 2011, at 12:13, David Mueller <email@hidden> wrote:
> Yes, you can disable DigiNotar via Keychain Access. Open the app, click on
> the System Roots keychain, double-click on "DigiNotar Root CA", expand the
> Trust section of the window, and set "When using this certificate" to "Never
> Trust".
>
> This post has a slightly different method (with pictures), and suggests that
> it may be better to delete the cert rather than not trusting it:
>
> http://www.coriolis-systems.com/blog/2011/08/diginotar-certificate-security.
> php
>
> - David
>
>
> On 8/31/11 9:08 AM, "William Cerniuk" <email@hidden> wrote:
>
>> Unless you have a jailbroken phone, hard to determine if the cert is on the
>> iOS device.
>>
>> Trust this is visible in the keychain access app? Most Mac owners are not
>> going to use a old style terminal app.
>>
>> Best Regards,
>> Wm. Cerniuk
>>
>>
>>
>>
>> On Aug 31, 2011, at 11:51, Joel Esler <email@hidden> wrote:
>>
>>> Apple has not handled it yet.
>>>
>>> On Aug 31, 2011, at 11:50 AM, Disiena, Ridley J. (GRC-VO00)[DB Consulting
>>> Group, Inc.] wrote:
>>>
>>>>
>>>> Has anyone seen any Apple notification with regards to actions to be taken
>>>> on iOS and OS X to mitigate the rogue DigiNotar CA incident this week?
>>>>
>>>> Others companies have been quick to respond:
>>>> Mozilla Notice -
>>>> http://blog.mozilla.com/security/2011/08/29/fraudulent-google-com-cer
>>>> Google Notice -
>>>> http://googleonlinesecurity.blogspot.com/2011/08/update-on-attempted-man-in-
>>>> middle.html
>>>> Microsoft Notice -
>>>> http://www.microsoft.com/technet/security/advisory/2607712.mspx
>>>> Chromium Code added to address this:
>>>>
> http://codereview.chromium.org/7791032/diff/2001/net/base/x509_certificate.c>>>
> c
>>>>
>>>>
>>>> FYI: Command to remove the rogue DigiNotar Root CA certificate from OS-X
>>>> System Roots via its SHA1 hash value:
>>>> sudo security delete-certificate -Z C060ED44CBD881BD0EF86C0BA287DDCF8167478C
>>>> "/System/Library/Keychains/SystemRootCertificates.keychain"
>>>>
>>>> Note: I believe IOS also has this Root CA included by defult as well
>>>>
>>>>
>>>> - Ridley DiSiena CISSP
>
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Fed-talk mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden