Security & Privacy + Software & Apps

A Dutch certificate authority, DigiNotar, has issued a fraudulent SSL certificate for google.com, which may lead to people attempting to use Google services being compromised. According to H Security, “The certificate was issued on 10 July to unknown persons in Iran.”

The Electronic Frontier Foundation even states that this has led to man-in-the-middle attacks that may have put Iranian activists in danger.

Mac utility company Coriolis has posted instructions on how to get rid of the certificate, if you do, indeed, have it on your Mac. We checked our Macs and didn’t find any, but it would be safe for all Mac users to do the same, especially if they use Google services such as Gmail or Google Docs.

Web browsers will be updated to block this certificate, and Safari users can use this technique to protect themselves.

Update: Gregg Keizer is reporting at Computerworld that, in some cases, certificates revoked manually still work.

For even more information about the DigiNotar breach, see Joshua Long’s comprehensive article on How to Revoke Trust for DigiNotar Root CA Certs—Even On Older Macs.