Editer l'article Suivre ce blog Administration + Créer mon blog
7 septembre 2011 3 07 /09 /septembre /2011 22:08

As some people and I said earlier, a few Firefox extensions could be really useful regarding the Diginotar situation.


Here is what says Certificate Patrol after a few weeks of sleep (meaning not being used; until tonight):




There is a clear warning about the fact that the renewal wasn't due yet...


But, even worse, as you can see, the Calomel extension turns now to orange! here is what it says:




A weak symetric cypher, a weak hash, and a weak key length... well the certificate is said to be genuine this time, whereas it is most likely to be less secure that the former one?

Remember: the Calomel light used to be green about GMail...!


How could this be logical? I cannot assure the connection to GMail is more secure than during the DigiNotar operation!



Update 1 (8th of September):


Google API also running after a new certificate....



Also encrypted.google.com, the one you use when you ask for "Google secured search engine":



As you can see, Equifax provided the former certificate, but also the new one. This probably means Google doesn't want to take any risk, and changes every certificate; even if the Equifax' AC was not said to be compromised AFAIK.

BTW, keep in mind that the equifax.com domain was in the list of certificate-compromised websites.

See: https://isc.sans.edu/diary.html?storyid=11500&rss


And a last one: Google Analytics:


So Google apparently changes certificates even coming from its own AC... (Google Internet Authority).





What about Facebook? well, just have a look at the warning below, still coming from Cert Patrol:




Bye VeriSign!

Partager cet article