[ajbrown]

I read this today over coffee and figured I would share with TOTV. No need to panic, but worth making sure your system is updated. In summary someone was able to create 9 phony SSL certificates, some for domain names we know like google, yahoo, etc. You need to update your CRL (certificate revocation list). Microsoft has released an update (KB2524375). I am looking if this automatically takes care of Firefox or Chrome or if they need to be updated separately.

Here is the info at Microsoft:

http://www.microsoft.com/technet/sec...y/2524375.mspx
http://support.microsoft.com/kb/2524375

From the article:

SSL Certificates are the Internet equivalent of drivers' licenses, said Paul Turner, the vice president of products and customer solutions at Venafi, an Enterprise Key and Certificate Management firm. The bogus certificates could be used in phishing or man in the middle attacks against organizations that haven't updated their certificate revocation lists, he said. They could also be used to sign applications and plug ins, he said

.

Full article here:

http://threatpost.com/en_us/blogs/ph...-others-032311

[K9-Lovers]

Thank you! My computer alerted me this morning to a new update, which I downloaded. So I just checked the number and it is the fix you mention: KB2524375.

Thank you for alerting us.

[JohnXI]

Or if you have a router and are vaguely technically cognisant you could just use OpenDNS, free. Info from http://www.opendns.com/solutions/overview/ Solves phishing among other lurgies. Enjoy.