Thursday, 29 September 2011

Secure Your Mac Against Fraudulent SSL Certificates

Summary:


[[Image:SSLmainimage.jpg|630px|thumb|left|Stave off Gmail hack attempts by changing a simple setting. Photo by jeff_golden/[http://www.flickr.com/photos/jeffanddayna/4146023669/ flickr]/CC]]

<br clear="all" />

==The Problem==

Dutch SSL certificate authority (CA) [http://www.diginotar.com/ Diginotar] issued a fraudulent certificate for *google.com in August 2011. This means that hackers can, and have been, impersonating Gmail with a "[http://en.wikipedia.org/wiki/Man-in-the-middle_attack man in the middle]" attack. The certificate is believed to have been issued by Iranian agents after they hack Diginotar. The exploit may have been used to spy on Iranian citizens' e-mail.

==Why Should You Fix It?==

SSL is the encryption used to secure your communications with banks, e-mail providers and anything else you don't want to be snooped. A rogue certificate will cause your computer to think it has contacted a trusted website, when in fact you're hooking up with a phony.

Here's a quick guide to making sure your computer knows who it's dealing with.

==Mark the Certificate as Untrusted==

On the Mac, certificates are stored in your keychain. To edit them, open up keychain access. You'll find it in your Utilities folder, inside the Applications folder:

/Applications/Utilities/Keychain Access.app

[[Image:Keychain access.png|630px|thumb|left]]
<br clear="all" />

Fire it up, and type "Diginotar" into the search box. You should get one result. We're going to revoke the entire Diginotar certificate authority.

[[Image:Pre-fix.png|630px|thumbleft]]
<br clear="all" />

Click on the certificate and click the "i" at the bottom of the window. You'll see this.

[[Image:The edit.png|630px|thumbleft]]
<br clear="all" />

Click the "Trust" arrow and you'll reveal these options. You only have to change the first one from "System Defaults" to "Never Trust."

[[Image:Changing.png|630px|thumb|left]]
<br clear="all" />

[[Image:Never trust.png|630px|thumb|left]]
<br clear="all" />

When you close this window, you'll be prompted for your admin password. Enter it, and you're done. You might want to check that your changes have worked. The window should now look like this:

[[Image:Done.png|630px|thumb|left]]
<br clear="all" />

You may have to click away and then back again to refresh the window.

Congratulations: You are now a little safer. Thanks to Coriolis for [http://www.coriolis-systems.com/blog/2011/08/diginotar-certificate-security.php this how-to].

''Original post by Charlie Sorrel, Wired.com.''

[[Category:Security]]
[[Category:Fraud Protection]]
[[Category:Computers]]


Source: http://feeds.wired.com/~r/howtowiki/~3/SYZCeEACY4M/Secure_Your_Mac_Against_Fraudulent_SSL_Certificates

newest gadgets 2010 tech gadget gadgets for blogs blogspot gadgets

No comments:

Post a Comment