Stories
Slash Boxes
Comments

SoylentNews is people

posted by on Wednesday April 08 2015, @04:22AM   Printer-friendly
from the about-as-far-as-I-can-throw-you dept.

El Reg has published a story which discusses the steps Google and Mozilla are taking, in response to the apparent misuse of a China Internet Network Information Center (CNNIC) intermediate Cetificate Authority (CA) administered by MCS Holdings, who claim it was all just a big mistake.

Firefox-maker Mozilla has joined Google in refusing to recognize SSL certificates issued by the China Internet Network Information Centre (CNNIC).

This should not be a surprise since:

This comes after a security biz in Egypt used a CNNIC-issued intermediate certificate to create unauthorized SSL certs that could be used to trick people into connecting to bogus, password-stealing Gmail.com or Google.com websites.

As a result:

[A]ll Mozilla products – including the Firefox web browser and the Thunderbird email client, among others – will be updated so that all CNNIC-based certificates issued on or after April 1, 2015 are considered untrusted.

Mozilla said it also plans to ask CNNIC for a comprehensive list of all of its current valid certificates. Any certificates issued before April 1 that are not included on this whitelist will also be subject to potential "further action."

Microsoft has also revoked the suspect CNNIC intermediate CA:

Microsoft is updating the Certificate Trust list (CTL) to remove the trust of the subordinate CA certificate. The trusted root Certificate Authority, the China Internet Network Information Center (CNNIC), has also revoked the certificate of the subordinate CA.

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by takyon on Wednesday April 08 2015, @11:46AM

    by takyon (881) <reversethis-{gro ... s} {ta} {noykat}> on Wednesday April 08 2015, @11:46AM (#167804) Journal

    1. Wow Chrome has done that much direct damage to IE?
    2. Wow Firefox is sliding more than I thought.
    3. Wow Opera has increased since 2011 even with the engine change.
    4. Turning off mobile, tablet, and console does nothing to help Firefox.

    No wonder Microsoft is launching Spartan and IE side by side. I'm shocked that Chrome got to 50%. It must have been banner ads for the browser on Google homepages that did it. Monopoly abuse!!!

    I hope Vivaldi [wikipedia.org] makes things more interesting. Or Firefox default Tor.

    --
    [SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2  
  • (Score: 2) by WillR on Wednesday April 08 2015, @04:42PM

    by WillR (2012) on Wednesday April 08 2015, @04:42PM (#167895)

    I'm shocked that Chrome got to 50%. It must have been banner ads for the browser on Google homepages that did it.

    I would bet it's that got more to do with the way YouTube "just works" on Chrome without the headache of either updating Flash 3 times a week, or getting pwned Friday morning because you didn't update Flash on Thursday.

    • (Score: 2) by WillR on Wednesday April 08 2015, @06:20PM

      by WillR (2012) on Wednesday April 08 2015, @06:20PM (#167928)
      And posting that reminded me I haven't checked if Flash on my work machine needs an update yet this week.
      Yup. Vulnerable.
      Again.
    • (Score: 1) by kc on Thursday April 09 2015, @04:19PM

      by kc (5066) on Thursday April 09 2015, @04:19PM (#168390)

      Firefox and even Chrome seem to default to HTML5, not Flash, for Youtube videos. I just removed Flash entirely since getting tired of the constant updates.