DigiNotar security certificates blocked by Google, Mozilla and Microsoft
Google, Microsoft and Mozilla have permanently blocked digital security certificates issued by a Dutch organisation after it was found that a group of hackers had hijacked over 500 certificates from the firm.
The problem is that the company, DigiNotar, issued SSL certificates that online businesses use to prove that they are who they say they are.
With the right certificate, a website can pretend to be – for example – a Facebook login page that looks entirely legitimate, right down to the inclusion of the little padlock symbol in the URL bar.
The danger presented by this theft is that malicious site owners may be able to pull off phishing scams that compel unsuspecting visitors to divulge sensitive information to a site that appears entirely authentic – to the point that it even fools the security protocols built into many browsers.
To date, no comprehensive list has been released of the sites that may be affected by the theft of 531 certificates, but several industry commentators have been cited claiming that they could include pages owned by Yahoo!, Skype, Twitter and Microsoft – as well as websites controlled by the CIA, Mossad and MI6.
Google's Online Security Blog has informed readers of the security measures taken by the search engine.
It states: "Based on the findings and decision of the Dutch government, as well as conversations with other browser makers, we have decided to reject all of the Certificate Authorities operated by DigiNotar."
In essence this means that the Dutch group will no longer have any of its SSL products recognised by Chrome – even those currently in use by genuine service providers.
Similar statements have been issued through Microsoft's Security Response Center and Mozilla's Security Blog, as both organisations seek to assure their clients that they are taking steps to seal any potential breaches.