How to identify & protect from hacked SSL MD5 certificates

12-31-2008, 04:51 AM

When I look at my "certificates" in Firefox, for Gmail, for example, it
says SHA1 fingerprint and MD5 fingerprint, e.g., for Thawte SGC CA (i.e.,
mail.google.com).

Does this mean this is a site that can easily be compromised?

If so, what do we do in Firefox 3.0.5 on Windows to protect from a spoofed
site?

12-31-2008, 06:44 AM

On Tue, 30 Dec 2008 22:18:30 -0800, (E-Mail Removed) wrote:

> Is there a way to protect ourselves today from this flaw?

I found the answer. Yes. We have to look inside the certificate to see the
"tumor", which is relatively easy to find once you know what to look for.

Mozilla did release an advisory
http://blog.mozilla.com/security/200...icate-forgery/

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
WPA Hacked?	Jack Simmons	Wireless Networks	7	11-14-2008 02:26 AM
wpa wireless hacked ?	Marky	Broadband	8	08-23-2005 02:19 PM
Micrsoft hacked ?????	Marky	Broadband	6	05-08-2005 01:38 PM
Is my wireless net being hacked?	Koogs	Broadband Hardware	1	10-19-2004 02:19 AM
hacked me? ? ?	Peter	Linux Networking	0	10-30-2003 03:00 PM