Update: A Microsoft Security Advisory(2607712) indicates that the DigiNotar certificate has been removed from the Microsoft Certificate Trust List, meaning that all Windows Vista and Windows 7 system will be protected. No further action should be necessary. Windows XP and Windows Server 2003 users should keep an eye out for an update, or follow the directions below. Mac users: Follow these instructions to remove DigiNotar from your keychain. The powers that be have already leaped into action, and the certificate has been added to the certificate revocation list (CRL). This means that if you attempt to browse one of these phony redirected sites, you should be alerted that something is afoot. Mozilla will be releasing updates to Firefox, Thunderbird, and Seamonkey that will revoke trust in DigiNotar, effectively protecting users from this particular security compromise. In the meantime, you can manual revoke the DigiNotar root in Firefox (see instructions below). The latest version of Google Chrome should also be protected from the fraudulent certificate from DigiNotar, though there are measures you can take to make double-sure. Instructions below. The first step you should do is to ensure that you have the latest version of whichever browser you are using. Get it here:
Google ChromeInternet ExplorerFirefox
Securing Internet Explorer and Google Chrome from the Fake DigiNotar Certificate
These steps will add the phony certificate to your system as an Untrusted Certificate. This will affect both Internet Explorer and Chrome.
Step 1
Open up Notepad.exe.
Step 2
Go to http://pastebin.com/raw.php?i=ff7Yg663 and copy the text between the words BEGIN CERTIFICATE and END CERTIFICATE. Paste it into notepad.
Or, just copy and paste it from here: You can also just download the .cer file directly from us.
Step 3
Save it with a .cer extension. Not as a .txt file. Use something like badcert.cer. The icon looks like this in Windows 7:
Step 4
Open Control Panel and go to Internet Options. Click the Content tab. Click Certificates.
Step 5
Click the right-arrow along the top till you see Untrusted Publishers. Click Import.
Step 6
Browse to your badcert.cer file and import it.
Step 7
Place it in Untrusted Certificates. Click Next until complete.
Step 8
You’ll see DigiNotar’s certificate near the top.
Securing Mozilla Firefox from the Fraudulent DigiNotar Certificate
Mozilla has been totally awesome and on the ball here and has released official instructions for deleting the DigiNotar Certificate. Or, read on.
Step 1
Click the Firefox button or Tools and choose Options. Go to Advanced > Encryption and click View Certificates.
Step 2
Click Authorities and click the Certificate Name column to sort it alphabetically.
Step 3
Scroll down to DigNotar Root CA. Select it and click Delete or Distrust.
Revoking DigiNotar Certificate in OS X
These steps are the equivalent of the above for IE / Chrome, but for OS X. After completing these steps, you’ll receive a warning whenever a website is certified by DigiNotar, even if it’s not the bogus one we’ve pointed out. That’s actually not a bad idea since DigiNotar’s involvement with this whole mess puts them on serious notice.
Step 1
Go to Applications and choose Utilities. Launch KeyChain Access.
Step 2
In the Keychains pane, select System Roots.
Step 3
Find the DigiNotar entry on the right-hand pane.
Step 4
Click the i icon on the status bar for more information.
Step 5
Expand the Trust section. Under When using this certificate, change it to Never Trust. Enter your system password if prompted.
Conclusion
Hope these tips help all you groovyReaders stay safe! Let us know if you come across any other safety measures or have anything else to report. Comment Name * Email *
Δ Save my name and email and send me emails as new comments are made to this post.
