Overblog
Editer l'article Suivre ce blog Administration + Créer mon blog
7 septembre 2011 3 07 /09 /septembre /2011 22:08

As some people and I said earlier, a few Firefox extensions could be really useful regarding the Diginotar situation.

 

Here is what says Certificate Patrol after a few weeks of sleep (meaning not being used; until tonight):

 

Gmail_https_cert-patrol_070911.jpg

 

There is a clear warning about the fact that the renewal wasn't due yet...

 

But, even worse, as you can see, the Calomel extension turns now to orange! here is what it says:

 

gmail_calomel_070911.jpg

 

A weak symetric cypher, a weak hash, and a weak key length... well the certificate is said to be genuine this time, whereas it is most likely to be less secure that the former one?

Remember: the Calomel light used to be green about GMail...!

 

How could this be logical? I cannot assure the connection to GMail is more secure than during the DigiNotar operation!

 

 

Update 1 (8th of September):

 

Google API also running after a new certificate....

googleapis_cert-patrol_080911.jpg

 

Also encrypted.google.com, the one you use when you ask for "Google secured search engine":

encrypted-google_Cert-patrol_080911-copie-1.jpg

 

As you can see, Equifax provided the former certificate, but also the new one. This probably means Google doesn't want to take any risk, and changes every certificate; even if the Equifax' AC was not said to be compromised AFAIK.

BTW, keep in mind that the equifax.com domain was in the list of certificate-compromised websites.

See: https://isc.sans.edu/diary.html?storyid=11500&rss

 

And a last one: Google Analytics:

analytics_cert-patrol_080911.jpg

So Google apparently changes certificates even coming from its own AC... (Google Internet Authority).

 


 

==================================================

 

What about Facebook? well, just have a look at the warning below, still coming from Cert Patrol:

 

facebook_certificatge-patrol_080911.jpg

 

Bye VeriSign!

Partager cet article

Repost0

commentaires