tag:blogger.com,1999:blog-1600341619162257657.post456936338437456307..comments2022-03-29T20:22:11.456+05:30Comments on A Window: Firefox responds to fake certificate issuePhoenixhttp://www.blogger.com/profile/18150624810921348256noreply@blogger.comBlogger2125tag:blogger.com,1999:blog-1600341619162257657.post-16480348554335744412012-05-01T18:57:26.004+05:302012-05-01T18:57:26.004+05:30You are wrong. These certificates are not trusted....You are wrong. These certificates are not trusted. They are added purportedly to mitigate the threat.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-1600341619162257657.post-35011882920164185682011-09-19T17:30:30.591+05:302011-09-19T17:30:30.591+05:30My Firefox 6.0.2 installation is compromised and I...My Firefox 6.0.2 installation is compromised and I can't believe it is only me but I only see reference to DigiNotar.<br /><br />There are 10 certificates in my Firefox Certificate Manager that I have not added and I have tried to delete repeatedly. They purport to be issues by "UTN USERFirst Hardware Root CA, "http://www.usertrust.com".<br />They are for the following domains<br />addons.mozilla.com<br />kuix.de<br />login.live.com<br />login.skype.com<br />login.yahoo.com (three certs)<br />mail.google.com<br />www.google.com<br /><br />I am a qualified network security engineer (CCSP) with 10 years experience. I my opinion this represents an immediate threat to anyone trying to log on to domains above as they are susceptible to a man in the middle attack and compromise of their privacy. In the Middle East this could be life threatening. In the medium term this represents a very serious threat to e-commerce. Other browsers Internet Explorer 9, Chrome V14... show the certificates disabled (worryingly I can't seem to manage the certificates on Safari!).<br /><br />I am posting this to raise awarenessAnonymousnoreply@blogger.com