Tuesday, September 6, 2011

CIA, MI6 & Mossad compromised since 2009?

Today's big story is NOT that CIA, MI6 or Mossad SSL certificates were hacked. Nor is it that the same SSL certificate hack opened up 300,000 Iranians to have their Gmail accounts spied upon. The news, buried at the end of the first story referenced above is:
Last week, Helsinki-based antivirus company F-Secure said it had found signs that DigiNotar's network had been compromised as early as May 2009.
The implications might appear too far-removed and esoteric for most of us. So below is a list of other fake certificates that were obtained. Check it out. Maybe you have a stake in this after all. Maybe you should become a proponent of legalized cyber privateering.  You use any of the following services?
*.*.com*.*.org*.10million.org*.android.com*.aol.com*.azadegi.com*.balatarin.com*.comodo.com*.digicert.com*.globalsign.com*.google.com*.JanamFadayeRahbar.com*.logmein.com*.microsoft.com*.mossad.gov.il*.mozilla.org*.RamzShekaneBozorg.com*.SahebeDonyayeDigital.com*.skype.com*.startssl.com*.thawte.com*.torproject.org*.walla.co.il*.windowsupdate.com*.wordpress.comaddons.mozilla.orgazadegi.comfriends.walla.co.illogin.live.comlogin.yahoo.commy.screenname.aol.comsecure.logmein.comtwitter.comwordpress.comwww.10million.orgwww.balatarin.comwww.cia.govwww.cybertrust.comwww.Equifax.comwww.facebook.comwww.globalsign.comwww.google.comwww.hamdami.comwww.mossad.gov.ilwww.sis.gov.ukwww.update.microsoft.com 

In addition, the attacker created rogue certificates for these names:
Comodo Root CACyberTrust Root CADigiCert Root CADigiCert Root CAEquifax Root CAEquifax Root CAGlobalSign Root CAThawte Root CAVeriSign Root CA 

No comments:

Post a Comment

Implementation suggestions for THE MORGAN DOCTRINE are most welcome. What are the "Got'chas!"? What questions would some future Cyber Privateering Czar have to answer about this in a Senate confirmation hearing?