[OWASP-LongIsland] FYI - Rouge Google SSL certificate will facilitate MITM attacks

Helen Gao helen.gao at owasp.org
Fri Sep 2 17:58:04 EDT 2011


Hi OWASP folks,



If you have not updated your browser recently, you might consider doing so
as soon as possible.  The reason is there are rouge SSL certificates out
there that can man-in-the-middle attack your access to Google and other
popular websites.


Both Chrome or FireFox have been modify to detect the rouge certificate.
Here<http://googleonlinesecurity.blogspot.com/2011/08/update-on-attempted-man-in-middle.html>
is
the advisory from Google and a related article in
F-Secure<http://www.f-secure.com/weblog/archives/00002228.html>.
 It's still unclear how many such rouge certificates had been issued by this
CA called Diginotar.  So pay attention to the browser warnings.

Enjoy your holiday weekend.

Helen Gao
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-longisland/attachments/20110902/0bff8df3/attachment.html 


More information about the Owasp-LongIsland mailing list