Apple revokes DigitNotar certs, Mozilla asks CAs to audit

Share this article:

Apple is the last of the major web browser makers to revoke certificates issued by embattled Dutch-based certificate authority DigiNotar.

In a security advisory released Friday, the Cupertino, Calif.-based computing giant updated Mac OS X 10.6.8 and 10.7.1 to remove DigiNotar from its list of trusted root and extended-validation (EV) SSL certificates. In addition, the patch from Apple configures the Mac platform's default system settings to not trust DigiNotar certificates issued by DigiNotar or any of its partners.

Apple did not, however, release updates for iOS, which powers its iPad and iPhone devices.

Microsoft, Mozilla, Google and Opera already have released updates revoking the DigiNotar certs.

Meanwhile, Adobe said Thursday that it was "in the process of removing the DigiNotar Qualified CA certificate from the Adobe Approved Trust List (AATL)."

And Mozilla, maker of the Firefox browser, is asking all CAs that participate in its root program to audit its PKI infrastructure and systems "to check for intrusion or compromise." In addition, the request, sent Thursday from Kathleen Wilson, owner of Mozilla's CA Certificates Module, asks respondents to ensure that multifactor authentication is in place for all accounts that can issue certificates, as well as confirming that other security controls are deployed.

"Participation in Mozilla's root program is at our sole discretion, and we will take whatever steps are necessary to keep our users safe," the note said. "Nevertheless, we believe that the best approach to safeguard that security is to work with CAs as partners, to foster open and frank communication, and to be diligent in looking for ways to improve."

CAs DigiNotar, which is owned by U.S.-based VASCO, and Jersey City, N.J.-based Comodo have fallen victim this year to hacker attacks. The breaches have resulted in the issuance of counterfeit certificates for such high-profile websites as Google.

Almost all of the victims in both incidents appear to live in Iran.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

Researchers observe more than a hundred connections to 'Backoff' sinkhole

Researchers with Kaspersky Lab were able to sinkhole two command-and-control servers used by certain Backoff point-of-sale malware samples.

Judge lifts stay but Microsoft won't hand over emails during appeal

A judge has lifted a suspension of a previous order compelling Microsoft to hand over customer emails stored on a server in Ireland.

Home Depot investigates possible payment card breach

Home Depot investigates possible payment card breach

Home Depot said on Tuesday that it is working with its banking partners and law enforcement to investigate a possible data breach.