A Post Mortem on the Iranian DigiNotar Attack

https://www.eff.org/deeplinks/2011/09/post-mortem-iranian-diginotar-attack

How can I protect myself?

Until we have augmented or replaced the CA system with something more secure, all of our fixes to the problem of HTTPS/TLS/SSL insecurity will be band-aids. However, some of these band-aids are important:

  • The first thing that Internet users should do to protect themselves is to always install browser and operating system updates as quickly as possible when they become available.
  • Another useful step is to configure your browser to always check for certificate revocation before connecting to HTTPS websites (in Firefox, this setting is Edit→Preferences→Advanced→Encryption→Validation→When an OCSP server connection fails, treat the certificate as invalid).
  • Firefox users who are particularly concerned (and willing to do more work to protect themselves) may also consider installing Convergence to warn them when certificates they see are different from certificates seen elsewhere in the world and Certificate Patrol to warn them whenever certificates change — legitimately or otherwise.
  • Users of Google services in particular can choose to enable two-factor authentication, which makes it hard for attackers who steal Google passwords to reuse them later. Any user of Google services with a concrete concern that someone else wants to take over their Google accounts should consider using this protection.
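The Certificate Patrol approach in the list above, warning when the certificate a browser sees for a host differs from the one it saw before, can be reduced to a small pinning store. The following Go program is an added example, not code from the EFF post or from the Convergence or Certificate Patrol projects: it records one SHA-256 hash of the SubjectPublicKeyInfo per hostname, reports whether a newly observed leaf certificate is the first seen, unchanged, or changed, and shows how such a store can be wired into Go's `tls.Config` so that a changed key aborts the handshake. The hostname `mail.example.com` and the self-signed certificates are constructed test data; `CertWatch`, `SPKIPin`, `Observe` and `selfSigned` are names chosen here.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"fmt"
	"math/big"
	"time"
)

// Status reported by the watcher for each observed leaf certificate.
type Status int

const (
	FirstSeen Status = iota // no pin stored yet for this host; record it
	Unchanged               // same public key as last time
	Changed                 // different public key: legitimate rotation or a substituted cert
)

// CertWatch keeps one SPKI pin per hostname (hypothetical, Certificate Patrol-style store).
type CertWatch struct {
	pins map[string]string
}

func NewCertWatch() *CertWatch { return &CertWatch{pins: map[string]string{}} }

// SPKIPin hashes the SubjectPublicKeyInfo rather than the whole certificate, so a
// renewal that keeps the same key is silent while a certificate carrying a new key
// (which any substituted certificate must) is reported.
func SPKIPin(cert *x509.Certificate) string {
	sum := sha256.Sum256(cert.RawSubjectPublicKeyInfo)
	return hex.EncodeToString(sum[:])
}

// Observe compares the leaf certificate seen for host against the stored pin.
func (w *CertWatch) Observe(host string, leaf *x509.Certificate) Status {
	pin := SPKIPin(leaf)
	stored, ok := w.pins[host]
	switch {
	case !ok:
		w.pins[host] = pin
		return FirstSeen
	case stored == pin:
		return Unchanged
	default:
		return Changed
	}
}

// TLSConfig returns a tls.Config whose VerifyPeerCertificate callback runs after the
// normal chain validation and refuses the connection when the pinned key changed.
func (w *CertWatch) TLSConfig(host string) *tls.Config {
	return &tls.Config{
		ServerName: host,
		VerifyPeerCertificate: func(rawCerts [][]byte, _ [][]*x509.Certificate) error {
			if len(rawCerts) == 0 {
				return fmt.Errorf("no certificate presented by %s", host)
			}
			leaf, err := x509.ParseCertificate(rawCerts[0])
			if err != nil {
				return err
			}
			if w.Observe(host, leaf) == Changed {
				return fmt.Errorf("public key for %s differs from the pinned one", host)
			}
			return nil
		},
	}
}

// selfSigned builds a throwaway certificate with a fresh key (constructed test data).
func selfSigned(cn string) *x509.Certificate {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now(),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert
}

func main() {
	w := NewCertWatch()
	genuine := selfSigned("mail.example.com")
	fmt.Println("first visit:", w.Observe("mail.example.com", genuine)) // 0 = FirstSeen
	fmt.Println("revisit:", w.Observe("mail.example.com", genuine))     // 1 = Unchanged
	other := selfSigned("mail.example.com")                               // same name, new key
	fmt.Println("new key:", w.Observe("mail.example.com", other))        // 2 = Changed
}
```

As the post notes, a change is not by itself proof of an attack: sites rotate keys, and this store cannot tell rotation from substitution. It only turns a silent event into a visible one, which is the point of the Certificate Patrol-style warning; Convergence adds the second signal, comparing the certificate against what other vantage points see, which this single-host store does not attempt.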
