Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Firefox and Internet Explorer pull trust in DigiCert Malaysia SSL certificates

Malaysian security authority has trust revoked after weak encryption found

Article comments

Mozilla and Microsoft said Thursday they are revoking trust in all certificates issued by Digicert, a Malaysian intermediate certificate authority, after it was found that it had issued 22 certificates with weak 512 bit keys and missing certificate extensions and revocation information.

The Malaysian company was issued an intermediate CA certificate in July, 2010 by Entrust, which was licensed for distribution with SSL (Secure Sockets Layer) and S/MIME (Secure/Multipurpose Internet Mail Extensions) certificates.

Entrust said in a bulletin on its website that it had been discovered that Digicert Malaysia has issued certificates with weak 512 bit RSA keys and missing certificate extensions. Entrust has revoked the 512 bit certificates issued by Digicert and made them available to major browser vendors to blacklist if found appropriate, it added.

Digicert in Malaysia does not have any relationship with the US-based DigiCert authority.

Digicert Malaysia could not be immediately reached for comment. It said on its website that it is at the centre of an effective trust model that the Malaysian government is creating to address the issue of information security, and the negative perception about online transactions. The company said it was licensed by the Malaysia government, and its "trust solutions are legally recognised under Malaysian law."

Entrust said it will revoke the intermediate CA certificate on or before Tuesday, to give Digicert Malaysia's customers a "modest amount of time" to replace their SSL server certificates. Entrust has meanwhile made the intermediate certificate available to the browser vendors for blacklisting.

The certificates in question were issued to a mix of Malaysian government websites and internal systems, Mozilla said in its security blog. "We do not believe other sites are at risk," it added.

Mozilla is revoking trust in all certificates issued by Digicert in Malaysia, while clarifying that it was not a Firefox specific issue, and the update will be in Firefox 8 and Firefox 3.6.24. Mozilla said the issue was reported to it by Entrust.

Firefox 3.6.24 is scheduled for release on November 8 while Firefox 8 will release on November 17, according to Mozilla.

Microsoft will revoke trust in Digicert Malaysia in an update to be released through Windows Update, said Jerry Bryant, group manager of response communications for Trustworthy Computing at the company, in a blog post.

"There is no indication that any certificates were issued fraudulently, however, these weak keys have allowed some of the certificates to be compromised," Bryant said. The compromised certificates could allow an attacker to impersonate the legitimate owner thus making the user believe they are trusting a website or signed software that was created for malicious use, he added.

Google is blocking serial numbers that correspond to the 22 certificates. As a larger measure, it plans to block the Digicert certificate by Tuesday, the date also decided upon by Entrust.

There is no evidence that the Digicert Malaysia certificate authorities have been compromised, Entrust said.


More from Techworld

More relevant IT news


Edwin said: MemalukanBolehlah kamu bersorak-sorak di bawah tempurung kamu sendiri betapa hebatnya Projek yang kamu lancarkanpadahal bagi orang luar Kamu tu Berotak kampung Macamlah ratio kes jenayah yang dilaporkan RENDAH sehingga Lebih SELAMAT dari Singapura ketawalah ENGKAU sendiri memang BODOH betul

website authority checker said: Ha Ha Ha Malaysia Boleh this may be akin to a professional body which used to be regarded with some respects in the transport industry Its standard of expections was high enough to see some 60 passes among the students To oblige the recognition of the Malaysian Gomen it then allowed a Bumiputra Institution to take over the local examination Presto every student seems to be able to pass provuded the fee is paid to a private institution whose self-proclaimed expertise allowed him to be bestowed a fellowship of the Insitute To make the story short the International body finally suspended the local chapter the right to conduct any examination Reason simple enough you pay you pass hence one can understand the mind-set on creating As in all local examinations and somehow these A-students seemed unable to achieve much at international level Yes some one said shiok sendiri syndrome has permeated through our DNA In every aspect of our endeavour we seem to believe the rest of the world is stupid enough for our bluff with our imagination of Malaysia Boleh

Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *