Hacker steals 200 digital certificates

Hackers may have stolen the security certificates for Mozilla, Yahoo and the Tor project.

A DigiNotar spokesman has admitted to Computerworld  “several dozen” certificates had been acquired by the attackers.

But Hans Van de Looy, principal security consultant and founder of Madison Gurka, a Dutch security company claims the figure was closer to 200 and include ones valid for mozilla.com, yahoo.com and torproject.org.

A big cheese at the Mozorella Foundation has confirmed that a certificate for its add-on site had been obtained by the DigiNotar attackers and they have been revoked.

More than 247 certificates were blacklisted by Google’s Chrome browser so it looks like de Looy’s claim might have legs.

DigiNotar discovered the network breach on July 19, and has confirmed intruders issued themselves valid certificates for a number of domains and revoked them.

It is not clear how much damages the hackers did, or if it could still use the certificates to stage credible phishing attacks.