In the mist of #antisec and on the heels of the Vegas Hacker/Security conferences, another CA (DigiNotar) was hacked. This time the hackers got Google’s security certificates. With that criminals could use a technique known as a Man in the Middle attack to impersonate google and nothing can stop them. Personally i have heard @ioerror rant about the fundamental flaws of our present SSL system. Perhaps this will help bring about a change more quickly but for now we can blacklist the offending certificates. here is how (on a mac)
To protect Safari, the solution is, apparently, to run Applications/Utilities/Keychain Access, click on “System Root” on the upper-left, and “All items” on the lower-left, then type “DigiNotar” into the upper-right searchbox, then doubleclick on all the certs that show up (you may only have one), open the “Trust” detail area, and change “When using this certificate” to “Never Trust”, then close the dialog box.
For Firefox users, go to Firefox’s Preferences, click on Advanced, then the Encryption tab, then click on “View Certificates”, click on the “Authorities” tab, scroll down to DigiNotar, click on “DigiNotar Root or CA”, then click on “Delete…” or “Delete or Distrust…” below (depends on your version).
Read more here:
http://www.computerworld.com/s/article/9219606/Hackers_stole_Google_SSL_certificate_Dutch_firm_admits?taxonomyId=85