US-CERT is aware of public reports of the existence of at least one fraudulent SSL certificate issued by DigiNotar. This fraudulent SSL certificate could be used by an attacker to masquerade as any subdomain of google.com.

Mozilla will be releasing new versions of Firefox for desktop (3.6.21, 6.0.1, 7, 8, and 9) and mobile (6.0.1, 7, 8, and 9). Additional information can be found in the Mozilla Security Blog.

Microsoft has removed the DigiNotar root certificate from the Microsoft Certificate Trust List. This change affects all versions of Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2.  Microsoft will be releasing a future update for Windows XP and Windows Server 2003 to address this issue.  Additional information can be found in Microsoft Security Advisory 2607712.

US-CERT encourages users and administrators to apply any necessary updates to help mitigate the risks. US-CERT will provide additional information as it becomes available.

View full post on US-CERT Current Activity

Recently discovered attempts of an SSL man-in-the-middle attack against Google users – spotted by a number of Iranian Internet users – have revealed that Dutch Certificate Authority DigiNotar has issu…

View full post on Help Net Security – News

View full post on Job Central computer AND security in West Virginia

The successful hack attacks on RSA and Sony have served as wake-up calls to the world’s CEOs. Both attacks, aptly dubbed “reputational events,” have resulted in hundreds of millions — potentially billions — of dollars in lost revenue. Restoring a company’s good reputation after these types of incidents is not easy; sometimes it’s impossible.

View full post on Security – Infoworld

$5,000 ‘for one really good report’

A new Facebook program that pays cash rewards to people who report security bugs on the social networking site doled out more than $40,000 in its first three weeks.…

View full post on The Register – Security