Re: [Fed-Talk] Apple's Rogue DigiNotar CA mitigation?
- Subject: Re: [Fed-Talk] Apple's Rogue DigiNotar CA mitigation?
- From: "Colvin, Ron (GSFC-700.0)[SGT INC]" <email@hidden>
- Date: Wed, 31 Aug 2011 13:06:49 -0500
This will take care of Chrome as well (keychain aware); Firefox and Thunderbird users must disable or delete within those separate certificate stores.
Mobile
On Aug 31, 2011, at 12:13 PM, "David Mueller" <email@hidden> wrote:
> Yes, you can disable DigiNotar via Keychain Access. Open the app, click on
> the System Roots keychain, double-click on "DigiNotar Root CA", expand the
> Trust section of the window, and set "When using this certificate" to "Never
> Trust".
>
> This post has a slightly different method (with pictures), and suggests that
> it may be better to delete the cert rather than not trusting it:
>
> http://www.coriolis-systems.com/blog/2011/08/diginotar-certificate-security.php
>
> - David
>
>
> On 8/31/11 9:08 AM, "William Cerniuk" <email@hidden> wrote:
>
>> Unless you have a jailbroken phone, hard to determine if the cert is on the
>> iOS device.
>>
>> Trust this is visible in the keychain access app? Most Mac owners are not
>> going to use an old-style terminal app.
>>
>> Best Regards,
>> Wm. Cerniuk
>>
>>
>>
>>
>> On Aug 31, 2011, at 11:51, Joel Esler <email@hidden> wrote:
>>
>>> Apple has not handled it yet.
>>>
>>> On Aug 31, 2011, at 11:50 AM, Disiena, Ridley J. (GRC-VO00)[DB Consulting
>>> Group, Inc.] wrote:
>>>
>>>>
>>>> Has anyone seen any Apple notification with regards to actions to be taken
>>>> on iOS and OS X to mitigate the rogue DigiNotar CA incident this week?
>>>>
>>>> Other companies have been quick to respond:
>>>> Mozilla Notice -
>>>> http://blog.mozilla.com/security/2011/08/29/fraudulent-google-com-cer
>>>> Google Notice -
>>>> http://googleonlinesecurity.blogspot.com/2011/08/update-on-attempted-man-in-middle.html
>>>> Microsoft Notice -
>>>> http://www.microsoft.com/technet/security/advisory/2607712.mspx
>>>> Chromium Code added to address this:
>>>>
>>>> http://codereview.chromium.org/7791032/diff/2001/net/base/x509_certificate.cc
>>>>
>>>>
>>>> FYI: Command to remove the rogue DigiNotar Root CA certificate from OS-X
>>>> System Roots via its SHA1 hash value:
>>>> sudo security delete-certificate -Z C060ED44CBD881BD0EF86C0BA287DDCF8167478C "/System/Library/Keychains/SystemRootCertificates.keychain"
>>>>
>>>> Note: I believe iOS also has this Root CA included by default as well
>>>>
>>>>
>>>> - Ridley DiSiena CISSP
>
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Fed-talk mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden
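An added example, not part of the original thread: a small audit that checks PEM exports of several certificate stores for the SHA-1 fingerprint quoted above, since the thread notes that Firefox and Thunderbird keep stores separate from the keychain. It assumes each store has already been exported to PEM (for the keychain, for example, with `security find-certificate -a -p`); the function names and the sample blobs are constructed for illustration and are not real certificates.

```python
import base64
import hashlib
import re

# SHA-1 fingerprint quoted in the thread for the DigiNotar Root CA.
BLOCKED_SHA1 = {"C060ED44CBD881BD0EF86C0BA287DDCF8167478C"}
PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

# Constructed stand-in blobs, NOT real certificates. The fingerprint is plain
# SHA-1 over the DER bytes, so any bytes exercise the matching logic.
FAKE_ROGUE = b"constructed-der-blob-standing-in-for-a-revoked-root"
FAKE_OTHER = b"constructed-der-blob-standing-in-for-a-trusted-root"

def normalize(fingerprint):
    """Strip colons/spaces and upper-case, so 'c0:60:...' equals 'C060...'."""
    return re.sub(r"[^0-9A-Fa-f]", "", fingerprint).upper()

def make_pem(der):
    """Wrap raw bytes in PEM armor (hypothetical helper for the sample data)."""
    body = base64.encodebytes(der).decode("ascii")
    return "-----BEGIN CERTIFICATE-----\n" + body + "-----END CERTIFICATE-----\n"

def sha1_fingerprints(pem_text):
    """Return the SHA-1 fingerprint of every certificate in a PEM bundle."""
    return [hashlib.sha1(base64.b64decode("".join(b.split()))).hexdigest().upper()
            for b in PEM_RE.findall(pem_text)]

def audit_stores(stores, blocked=BLOCKED_SHA1):
    """Map store name -> blocked fingerprints still present in that store."""
    wanted = {normalize(fp) for fp in blocked}
    findings = {}
    for name, pem_text in stores.items():
        hits = [fp for fp in sha1_fingerprints(pem_text) if fp in wanted]
        if hits:
            findings[name] = hits
    return findings

if __name__ == "__main__":
    rogue = hashlib.sha1(FAKE_ROGUE).hexdigest()
    colon_form = ":".join(rogue[i:i + 2] for i in range(0, 40, 2))
    stores = {  # one PEM export per store, since each must be checked separately
        "system-roots": make_pem(FAKE_ROGUE) + make_pem(FAKE_OTHER),
        "browser-export": make_pem(FAKE_OTHER),
    }
    print(audit_stores(stores, {colon_form}))
```

A store that still lists a blocked fingerprint after remediation needs the delete or "Never Trust" step repeated for that store.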