VERT Alert - March 24, 2011


March 24, 2011 10:50 PT

The Tripwire VERT Alert is brought to you by Tripwire VERT, Tripwire’s research team. VERT Alerts are distributed for Microsoft Patch Tuesday and for significant security threats.

Today’s VERT Alert provides information regarding fraudulent digital certificates that were obtained during the compromise of a Comodo affiliate. The incident occurred on March 15th and was made public this week. Microsoft has issued a security advisory [1] notifying users of the issue and linking to KB2524375, which contains an update for this issue on supported Microsoft operating systems.

Fraudulent certificates were issued for the following domains:

  • login.live.com
  • mail.google.com
  • www.google.com
  • login.yahoo.com
  • login.skype.com
  • addons.mozilla.org

These certificates could be used to spoof the identity of the sites listed above; however, the risk is mitigated by the limited set of circumstances that could lead to an attack scenario. The attacker would need to perform a man-in-the-middle attack (e.g. DNS compromise, ARP poisoning) or own the network.

Microsoft Update

Microsoft has released a Knowledge Base article [2] that contains a download which will add the 9 fraudulent certificates to the untrusted certificate store. VERT will be shipping detections of systems lacking this security update to Tripwire customers in our upcoming ASPL-394 release.
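One way to check a Windows host for this mitigation is shown below. It is an added example, not Tripwire's detection logic or Microsoft's code. It assumes the blocked certificates can be recognized by a subject common name equal to one of the six domains in this alert and that they sit in the LocalMachine store.

```powershell
# Added example: audit a Windows host for the mitigation described in this alert.
# The domain list and KB number come from the alert; matching by subject
# common name and checking only the LocalMachine store are assumptions.
$domains = @(
    'login.live.com', 'mail.google.com', 'www.google.com',
    'login.yahoo.com', 'login.skype.com', 'addons.mozilla.org'
)

# 1. Is the update recorded as installed? A later update may supersede it,
#    so a missing entry here is not conclusive on its own.
$hotfix = Get-HotFix -Id 'KB2524375' -ErrorAction SilentlyContinue

# 2. Read the Untrusted Certificates ("Disallowed") store directly.
$disallowed = @(Get-ChildItem -Path 'Cert:\LocalMachine\Disallowed')
$simpleName = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName

$report = foreach ($d in $domains) {
    # GetNameInfo(SimpleName, $false) returns the subject's common name.
    $hits = @($disallowed | Where-Object { $_.GetNameInfo($simpleName, $false) -eq $d })
    [pscustomobject]@{
        Domain            = $d
        DisallowedEntries = $hits.Count
        Covered           = ($hits.Count -gt 0)
        Thumbprints       = ($hits.Thumbprint -join ', ')
    }
}

$report | Format-Table -AutoSize

# 3. Summarize so the result can feed a compliance check.
$missing = @($report | Where-Object { -not $_.Covered })
if ($hotfix) {
    "KB2524375 is recorded as installed on $($hotfix.InstalledOn)."
} else {
    'KB2524375 is not listed by Get-HotFix; rely on the store contents above.'
}
if ($missing.Count -eq 0) {
    'Every domain in the alert has at least one entry in the Disallowed store.'
} else {
    Write-Warning ('No Disallowed entry found for: ' + ($missing.Domain -join ', '))
}
```

Run it from a PowerShell session on the host being audited; reading the store does not require elevation.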

Mozilla Update

Mozilla has released updates to Firefox 3.5 and 3.6, described in MFSA 2011-11 [3]. VERT will be shipping detection of this update to Tripwire customers in ASPL-395.

As always, VERT recommends that you apply all the patches as soon as possible, but also that you fully vet patches (when possible) before applying them to production systems.

All data and commentary is based on information available when the VERT Alert is published.

About Tripwire, Inc.
Tripwire is a leading global provider of IT security and compliance automation solutions that help businesses, government agencies, and service providers take control of their physical, virtual, and cloud infrastructure. Thousands of customers rely on Tripwire's integrated solutions to help protect sensitive data, prove compliance and prevent outages. Tripwire VIA™, the integrated compliance and security software platform, delivers best-of-breed file integrity, policy compliance and log and event management solutions, paving the way for organizations to proactively achieve continuous compliance, mitigate risk, and ensure operational control through Visibility, Intelligence and Automation. Learn more at www.tripwire.com and @TripwireInc on Twitter.