Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Where are the ACTIVE secrity threats discussed??

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Open Discussions

This thread has been marked as locked.
DaaBoss Where are the ACTIVE secrity threats discussed??
Member 31st Aug, 2011 17:16
Ranking: 0
Posts: 8
User Since: 31st Aug, 2011
System Score: N/A
Location: US
Last edited on 31st Aug, 2011 17:30

I'm new to this forum, but, I've been using the personal scan for quite some time. I learned of what sounded like a significant threat today in FireFox, where a ROOT CERT was evidently forged. Not for some obscure company, but for Google!

So, I did an update to the rules. (Rules update, which I had to do a scan to effect. So, I'd like a BUTTON that would JUST update the rules). I expected to be able to go to Firefox and just check to see if you had recorded the security threat. PSI did not. So, I assumed, I'd at least come here and see an active discussion about it. One post in 3 days?? Really??

I'm assuming that there must be another forum, either internal to the company or not where threats are discussed, or you couldn't warn or fix user's security problems in a timely fashion. So, where is it??

Here is the threat I saw today. Maybe this one is not as significant as it sounds, but if the next one is, how can you prevent the damage without an active community??

NOTE that Firefox has a complete upgrade to address just this ONE threat. OR, you can manually do the following:

FROM: http://support.mozilla.com/en-US/kb/deleting-digin...">6fea9ec37a873545 8584680c311adeae

MANUALLY Deleting the DigiNotar CA certificate

"http://blog.mozilla.com/security/2011/08/29/fraudu...
Mozilla has learned that a fraudulent "http://en.wikipedia.org/wiki/Ssl_certificate" SSL certificate for websites belonging to Google has been issued by "http://www.diginotar.com/" DigiNotar.

This is not a Firefox-specific issue and the certificate has now been canceled which should protect most people.

Mozilla has released an update to Firefox to further protect you. << OR >> Please update as soon as possible by following the steps in the "http://support.mozilla.com/en-US/kb/Updating%20Fir..." Updating Firefox article.

You can manually delete this certificate from any version of Firefox with these steps:

* At the top of the Firefox window, click on the Firefox button (Tools menu in Windows XP) and then click Options.
* Click on the Advanced panel
* Select the Encryption tab
* Click View Certificates
* In the Certificate Manager window, select the Authorities tab
* Scroll down to DigiNotar and select the DigiNotar Root CA
* Click Delete or Distrust...
* Click OK to confirm
* Because the certificate is "built-in" it will be distrusted but not deleted. Distrusting the certificate has the same effect as deleting it

Anthony Wells RE: Where are the ACTIVE secrity threats discussed??
Expert Contributor 31st Aug, 2011 17:50
Score: 2437
Posts: 3,324
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 31st Aug, 2011 18:47
Hi ,

Mog's provides a personally provided thread which has a daily feed of security items (scroll down to the '90's for the certificate issuing problem - there are several posts) :-

http://secunia.com/community/forum/thread/show/112...

with a regular INDEX :-

http://secunia.com/community/forum/thread/show/113...

SANS is a useful source of major risk warnings :-

http://isc.sans.org/

THe PSI only provides you with information on when a security patch is available to patch a known vulnerability ; if there is a vulnerabilty WITHOUT a solution PSI will show it as patched/up to date , more information may be available in the "secure browsing module (for experienced users) if Secunia have a Secunia Advisory on the subject .

Firefox notified me of an update to version 6.0.1 today ; I installed it but have not had the chabce to check the "security" implications nor whether the update is/was displayed by the PSI which does not cover "bug nor eye candy"fixes .

Hope that helps ; ask if anything is not clear .

Anthony

EDIT As i read things , the Ff update is like a workaround but very important if you have the certificate :-

https://developer.mozilla.org/devnews/index.php/20...

However , Secunia do not list any vulnerabilities nor , therefor , posts any Advisory for Ff 6.0 and so , by it's own rules may not/cannot suggest an update from 6.0 to 6.0.1 :-

http://secunia.com/advisories/product/37619/

It will be interesting to see how Secunia deal with this

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+1
-0
DaaBoss RE: Where are the ACTIVE secrity threats discussed??
Member 31st Aug, 2011 20:28
Score: 0
Posts: 8
User Since: 31st Aug 2011
System Score: N/A
Location: US
Anthony. -- I found a VIM 3.1 site that my login credentials doesn't work with. What is that?

Also, I found your links useful Too bad they are so obscure. Lots of information about the FFox update and what triggered it. There was also another auto update done for Chrome. OK, so, where is Safari and IE??
Was this reply relevant?
+0
-0
ddmarshall RE: Where are the ACTIVE secrity threats discussed??
Dedicated Contributor 31st Aug, 2011 20:53
Score: 1208
Posts: 960
User Since: 8th Nov 2008
System Score: 98%
Location: UK
Last edited on 31st Aug, 2011 20:54
This is not a bug in the browsers. It has been caused by a Certificate Authority issuing a certificate without checking who they were issuing it to.

Microsoft's answer to this is here
http://www.microsoft.com/technet/security/advisory...

There is no need for any action unless you are running XP or Server 2003 as Microsoft manages certificates automatically since Vista. An update for XP and Server 2003 will be needed.

More information:
http://www.us-cert.gov/current/index.html#fraudule...
http://isc.sans.edu/diary/DigiNotar+SSL+Breach/114...

There doesn't seem to have been an official Apple response yet. There are some instructions on disabling/deleitng the DigiNotar root certificate in this blog:
http://www.coriolis-systems.com/blog/2011/08/digin...

PS
VIM is a paid for Secunia product.

--
This answer is provided “as-is.” You bear the risk of using it.
Was this reply relevant?
+1
-0
DaaBoss RE: Where are the ACTIVE secrity threats discussed??
Member 1st Sep, 2011 00:41
Score: 0
Posts: 8
User Since: 31st Aug 2011
System Score: N/A
Location: US
Re: Microsoft's solution: I'm assuming that you are referring to the Certs in IE. But, if you are running FFox, it would not cover it. Right? Or, are the Certs checked in windows Firewall?
Was this reply relevant?
+0
-0
ddmarshall RE: Where are the ACTIVE secrity threats discussed??
Dedicated Contributor 1st Sep, 2011 11:11
Score: 1208
Posts: 960
User Since: 8th Nov 2008
System Score: 98%
Location: UK
Last edited on 1st Sep, 2011 11:41
Yes, Firefox manages its own list of root certificates. The Windows store has been updated automatically since Vista. The Firewall is not involved in this.

If you are interested in how it works, I suggest you follow the links in the FAQs in the Microsoft Advisory and look at these articles
http://support.microsoft.com/kb/931125
http://technet.microsoft.com/en-us/library/cc74933...

Update.
It seems that Safari on Windows uses the Windows Certificate Store. Therefore, there is no need for an update to Safari.

--
This answer is provided “as-is.” You bear the risk of using it.
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability