
Apple Criticized For Not Blocking Stolen Certs (154 comments)

CWmike writes "A security researcher is criticizing Apple for lagging with its response to the DigiNotar certificate fiasco. He is urging the company to quickly update Mac OS X to protect users. 'We're looking at some very serious issues [about trust on the Web] and it doesn't help matters when Apple is dragging its feet,' said Paul Henry, a security and forensics analyst with Lumension. Unlike Microsoft, which updated Windows on Tuesday to block all SSL certificates issued by DigiNotar, Apple has not updated Mac OS X to do the same. Meanwhile, even Mac OS X users who want to go DIY are stymied, reports Bob McMillan, because the OS can't properly revoke dodgy digital certificates."
This discussion has been archived. No new comments can be posted.

  • Not just Apple... (Score:4, Interesting)

    by Amarantine ( 1100187 ) on Friday September 09, 2011 @02:49AM (#37348838)

    At the request of the Dutch government, Microsoft is delaying the update in the Netherlands (home of DigiNotar) until next week, to avoid confusion (and to buy the government more time to roll out new certs).

    I feel much safer now, knowing our government has the power to stop Microsoft from rolling out security updates in a country.

  • by wvmarle ( 1070040 ) on Friday September 09, 2011 @02:55AM (#37348858)

    The biggest issue that has come to light here imho is that it's nigh impossible to revoke an issued certificate. When a certificate is out, and it's signed by a trusted CA, there is basically no way to revoke it. Revoking involves updating browsers, or even complete operating systems (like Windows or OS-X). Just because one CA made a small mistake, got hacked for whatever reason, and the whole world has to update their software.

    Errors will be made. Certificates will be issued erroneously by a CA, or through hacking. Certificates will be lost/stolen. But for some reason there is no proper way in the whole system to fix that kind of error. If we let it be, it's just a matter of time before the whole system crumbles and nothing can be trusted any more.

    Any thoughts on this? Any ideas on how this could be fixed?

  • by Anonymous Coward on Friday September 09, 2011 @03:08AM (#37348914)

    They lack in security and fixing exploits, and yet, they like to brag about somehow being "more secure" than Windows.

    Oh, and Microsoft I believe already released a patch... yesterday? Tuesday?

  • Hard Info and Tools (Score:4, Interesting)

    by plsuh ( 129598 ) <plsuh@noSpAM.goodeast.com> on Friday September 09, 2011 @07:28AM (#37349844) Homepage

    Folks,

    I have detailed info and tools on my website at

    http://ps-enable.com/articles/diginotar-revoke-trust [ps-enable.com]

    The short story is that it is possible to protect yourself, but it requires deleting the DigiNotar root cert(s), then revoking trust on the two roots plus four intermediates.

    --Paul
