The just-released Firefox update
includes the note that "Firefox 3.6.16 and Firefox
3.5.18 blacklist a few invalid HTTPS certificates
on the subject is rather terse, but it does at least use the word
"fraudulent" instead of "invalid." Much more information can be found in
. "Last week, a smoking gun came into sight: A
Certification Authority appeared to be compromised in some capacity, and
the attacker issued themselves valid HTTPS certificates for high-value web
sites. With these certificates, the attacker could impersonate the
identities of the victim web sites or other related systems, probably
undetectably for the majority of users on the internet.
" There is
still quite a bit of uncertainty about what happened, but updating seems
like a good thing to do regardless.
to post comments)