14 DAY TRIAL // A short while ago, the infamous ComodoHacker, also know as "ich sun", posted a message on his Pastebin account, in which he takes credit for the recent scandal surrounding DigiNotar.
In this latest post, the hacker warns the Internet community that he has access to 4 other high-profile CAs, among them being GlobalSign, a certification authority from the U.S. He threatens that he will use his power over the companies to issue false certificates, which will later become the weapon of his revenge against countries who deserve it.
In his own words, he said “I won't talk so many detail for now, just I wanted to let the world know that ANYTHING you do will have consequences, ANYTHING your country did in past, you have to pay for it...”
The post also reveals the reasons behind the attack launched upon the Dutch company. He claims that the hit was made to revenge the death of 8,000 Muslims who died 16 years ago because of the European government. For now he is satisfied with his deeds, as the loss of the $13 million which were paid for DigiNotar should compensate.
Even though he doesn't describe the exact methods used to break the online security measures of the CA, the hacker mentions that it would be a great lesson for other groups like Anonymous and LulzSec.
According to SC Magazine, Microsoft has also updated the Certificate Trust List (CTL) to remove any fake certificates.
An MSRC Engineering representative, Jonathan Ness, added that “However, we should note that systems having previously encountered DigiNotar certificates may have cached DigiNotar as a trusted root CA. This cached list is updated client-side every seven days. Therefore, the last date on which any attack targeting Internet Explorer users on Windows Vista and later platforms might possibly be successful is 5 September.”
Microsoft intends to release new updates for Windows XP and Windows Server 2003, which will add the rogue certificates to their Untrusted Certificate Store.