Have you noticed a lot of update notifications lately? I certainly have -- over the past couple of days, I received update notices from Adobe, Firefox and Microsoft. In fact, this morning, when Adobe notified me of an update, I could have sworn I just did one recently.
Turns out there is a reason for all the updates. One involves the fraudulent issuance of SSL certificates for Web domains belonging to Google, Yahoo, Microsoft and Skype. The fake certificates fool users into thinking they are at a legitimate site when they are not. According to a blog on Threat Post:
Comodo, of Jersey City, New Jersey, said, in a statement on its Web page, that an attacker was able to obtain the user name and password of a Comodo Registration Authority (RA) based in Southern Europe and issue the fraudulent certificates. The company said the hack did not extend to its root keys or intermediate certificate authorities, but did constitute a serious security incident that warranted attention.
ZDNet UK reported that Mozilla updated Firefox in response to the fake SSL certificates, as did Google for its Chrome browser.
The attack is believed to have come from Iran.
As I mentioned, Adobe, too, has recently issued an update. As reported by Trusteer:
The update comes a week after Adobe warned that a number of miscreants were exploiting the Flash vulnerability to launch targeted attacks on users. The concept of targeted attacks against users is gaining momentum, including the use of this technique to punch through the security defences of organizations. This week, for example, we've seen a lot of coverage about yet another targeted attack against a large enterprise -- RSA.
I highly recommend reading the Trusteer blog, which explains in detail how these attacks work and what happens.
To quote the cop from "Hill Street Blues": "Be careful out there. The bad guys are certainly busy."