23,000 HTTPS Certificates will be axed in next 24 hours after private keys leak: In future, Trustico will flog Comodo HTTPS certificates rather than peddle Symantec-branded certs #AcePCHelpNews

#AceNewsDesk – Mar.01: Customers of HTTPS certificate reseller Trustico are reeling after being told their website security certs – as many as 23,000 – will be rendered useless within the next 24 hours #AceNewsDesk reports

This is allegedly due to a security blunder in which the private keys for said certificates ended up in an email sent by Trustico. Those keys are supposed to be secret, and only held by the cert owners, and certainly not to be disclosed in messages. In the wrong hands, they can be used by malicious websites to masquerade as legit operations.

Unless the affected certificates are replaced in time, visitors to websites using Trustico-sold HTTPS certs will be turned away by their browsers, due to the digital certificates being revoked.

The whole situation is a mess, and possibly the result of a turf war. Here’s what we’ve managed to ascertain.

What is Trustico?

Trustico, based in Croydon, UK, touted SSL/TLS certificates, which are used by websites to encrypt and secure their connections. It resold certs from the Symantec brand umbrella: Symantec, GeoTrust, Thawte, and RapidSSL. This umbrella is now owned and operated by DigiCert.

If you wanted to buy, say, a RapidSSL-issued certificate, you could do so via Trustico. The HTTPS cert ultimately leads back, along a chain of trust, to DigiCert, a root certificate authority trusted by web browsers and other software. In turn, the website presenting the Trustico-sold cert is trusted, its traffic secured using encryption, and the reassuring green padlock is displayed in visitors’ browsers.

Why are the certificates being revoked?

According to DigiCert’s chief product officer Jeremy Rowley earlier today, Trustico told DigiCert in early February that its resold certificates had been “compromised,” and that the certs needed to be mass revoked as a result.

DigiCert staff, we’re told, asked Trustico for more information on this security mishap. The reseller replied it had a copy of the private keys, which is usually grounds for revocation, and thus insisted that DigiCert revoke the certificates.

When pressed for evidence, Trustico on Wednesday simply emailed DigiCert 23,000 certificates’ private keys as proof it held this information, it is claimed. This forced DigiCert’s hand: under the rulebook of standards set by the elders of the certificate security and browser worlds, the Trustico-sold certificates had to be revoked as a precaution within 24 hours. Specifically, the ones with their private keys in the email will be canceled.

“Trustico has not provided any information about how these certificates were compromised or how they acquired the private keys,” explained Rowley.

“As is standard practice for a Certificate Authority, DigiCert never had possession of these private keys. Currently, we are only revoking the certificates if we received the private keys. There are additional certificates the reseller requested to have revoked, but DigiCert has decided to disregard that request until we receive proof of compromise or more information about the cause of this incident.”

On Twitter, Rowley continued: “I’ll likely be posting the private keys later once people have a fair chance to replace their certificates … The allegation of compromise, keys compromised, and request for revocation all came from Trustico.”

Before you raise an eyebrow too high, by posting the private keys, Rowley plans to disclose self-signed certificates, produced using the private keys, to prove the secret information was sent to DigiCert without revealing the actual information in public. Some have already popped online as proof DigiCert received the secret keys from Trustico.

Alarm bells

To warn netizens of the upcoming mass revocation, DigiCert’s RapidSSL business sent out email alerts to Trustico customers urging them to get new HTTPS certificates or watch their sites go dark. Here’s a copy of the memo, passed to El Reg:

[Image: screenshot of a RapidSSL customer email, captioned “Red alert”]

DigiCert also put out a blog post, giving its side of the story:

Trustico requested revocation of their Symantec, GeoTrust, Thawte and RapidSSL certificates, claiming the certificates were compromised. When we asked for proof of the “compromise,” Trustico did not provide details on why they were requesting the immediate revocation. Trustico’s CEO indicated that Trustico held the private keys for those certificates, and then emailed us approximately 20,000 certificate private keys.

When he sent us those keys, his action gave us no choice but to act in accordance with the CA/Browser Forum Baseline Requirements, which mandate that we revoke a compromised certificate within 24 hours. As a CA, we had no choice but to follow the Baseline Requirements.

Following our standard revocation process, we gave notice via email to each certificate holder whose private keys had been exposed to us by Trustico, so they could have time to get a replacement certificate.

Now, over to Trustico.

Upset and denials

We asked the Brit biz for comment, and had yet to hear back at time of writing. However, posting on Mozilla’s security policy newsgroup, Trustico product manager Zane Lucas was clearly upset that DigiCert sent out the above alert.

“We didn’t authorise DigiCert to contact our customers and we didn’t approve the content of their email,” wrote Lucas.

“At no time had any private keys been compromised, nor had we ever informed to you that any private keys had been compromised. During our many discussions over the past week we put it to you that we believe Symantec to have operated our account in a manner whereby it had been compromised. Your usage of the word compromise has been twisted by you to your benefit and is absolutely defamatory.”

To put this in context: Trustico was fed up with using Symantec certs, and on February 13, it formally abandoned the umbrella of brands – ahead of Google Chrome and Mozilla Firefox officially distrusting the certificates due to past security fumbles by Symantec. Trustico said it had complained privately to Symantec of long-running concerns over the security safeguards on Symantec-branded certificates, hence Lucas’ reference to its Symantec account.

Although Lucas stressed the private keys for Trustico’s resold certificates were not compromised, it did, according to DigiCert, email a copy of 23,000 of them to the root authority seemingly to trigger their revocation. At that point, DigiCert considered the certificates at risk, and started the countdown clock to cancel them.

Trustico and DigiCert have clearly majorly fallen out, with the pair going their separate ways this month amid the behind-the-scenes drama. It even appears Trustico tried to stop DigiCert from using its online portal to send out today’s emailed warning:

In future, Trustico will flog Comodo HTTPS certificates rather than peddle Symantec-branded certs. Cynics have suggested the Brit reseller ordered the revocation of its Symantec-umbrella certs so it could drive its customers onto Comodo certificates, and thus avoid the looming Google Chrome HTTPS certificate apocalypse without losing many, if any, punters. In effect, website owners have been caught up in a turf war between Trustico and DigiCert.

How did Trustico get the private keys to certificates it resold? We don’t know for sure – but it did, and still does, offer an online private key generator for certificates. Just saying.

In an email sent to customers a few hours ago, and seen by The Register, Trustico said it will provide free certificates to replace the soon-to-be-nuked SSL/TLS certs:

Recently we wrote to you to let you know that we are no longer offering Symantec, GeoTrust, RapidSSL and Thawte branded SSL Certificates. Unfortunately, Google Chrome has decided to distrust these SSL Certificates. It’s important to us that your SSL Certificate continues to function as normal, and not be compromised by the distrust of the Symantec brands. It is now required that you replace any existing distrusted SSL Certificate with one that is trusted by all web browsers.

Rest assured, there hasn’t been any type of compromise of our systems. However, Symantec brands will cease to function correctly due to Google Chrome’s decision to distrust them.

Recently DigiCert acquired the Symantec SSL Certificate division and subsequently an e-mail was sent by DigiCert to some of our SSL Certificate customers advising of the revocation of their distrusted SSL Certificate. We didn’t authorise this e-mail to be sent and had specifically disabled it within the DigiCert system. We understand that the e-mail sent about your distrusted SSL Certificates may be confusing. It’s important that you take the opportunity to replace your SSL Certificate as soon as possible.

We’re providing free replacement of affected SSL Certificates. To enable a free replacement, you’ll receive an e-mail report today if you have affected SSL Certificates. Your report will contain a unique coupon code for each affected SSL Certificate. When you replace your distrusted SSL Certificates using your unique coupon codes you’ll receive extra validity free of charge. If you have any questions please feel free to reply to this e-mail.

Meanwhile, DigiCert said it, too, will offer free replacement certs to folks using Symantec-branded HTTPS certificates, which will be ignored by web browsers later this year. And, of course, don’t forget you can grab free HTTPS certificates from Let’s Encrypt that all major browsers trust.

Today has been marred with confusion. Trustico’s customer support lines have been jammed with complaints and queries, following DigiCert’s email alerts. Reg readers told us they felt left in the dark. Perhaps it’ll all be clearer in a few hours, when the dust has settled – and the certs have been nuked. ®

23,000 HTTPS Certs Will Be Axed In Next 24 Hours Amid Bitter Turf War: Trustico, DigiCert come to blows as browsers prepare to snub Symantec-brand SSL. By John Leyden, 1 Mar 2018 at 00:43

Editor says #AceNewsDesk reports & #Brittius says are provided by Sterling Publishing & Media News and all our posts, links can be found at here https://t.me/acenewsdaily and thanks for following as always appreciate every like, reblog or retweet and free help and guidance tips on your PC software or need help & guidance from our experts AcePCHelp.WordPress.Com or you can follow our breaking news posts on AceBreakingNews.WordPress.Com or become a member on Telegram https://t.me/acebreakingnews


WordPress Users Warned of Malware Masquerading as ionCube Files: Researchers have found sneaky encoded malware targeting WordPress and Joomla sites that pretends to be ionCube files #AcePCHelpNews

#AceNewsDesk – Mar.01: Security researchers are warning WordPress and Joomla admins of a sneaky new malware strain masquerading as legitimate ionCube files. The malware, dubbed ionCube Malware, is used by cybercriminals to create backdoors on vulnerable websites allowing them to steal data or plant more malware #AceNewsDesk reports

In the two weeks since it was first discovered, researchers said that the malware has been found on over 800 mostly small business websites running the CMS platforms WordPress, Joomla and CodeIgniter. According to SiteLock, which found the malware, it is unique because the malware is both encoded and formatted to look like a legitimate ionCube file.

IonCube is a commercial PHP scrambler that turns text-based PHP files – used to create dynamic content on websites – into an undecipherable code often to hide the intellectual property associated with licensed PHP files.

Weston Henry, lead research analyst at SiteLock, said the ionCube Malware is similar to malicious base64 encoded PHP eval requests that target website PHP functions and hide inside rogue CMS plugins. Eval is a PHP function capable of executing arbitrary PHP code and often used by hackers to create website backdoors.

“This specific tactic we have never seen before. We have seen a ton of malware samples that have tried to look like specific Joomla or WordPress files. But ionCube is a legitimate encoding and encrypting tool,” Henry said. “So when bad guys obfuscate malware inside fake ionCube files, it amounts to creating eval backdoor access to a website.”

Henry said that it’s unclear how the 800 sites became infected with the ionCube malware, although he suspects that it was likely tied to the use of out-of-date CMS plugins or platform software. “From what we’ve seen, there’s no reason to think that this (malware) couldn’t impact any site that had a vulnerability that a bad actor could identify and compromise.”

“This is particularly hard to identify, especially for any site that might already be using ionCube services,” Henry said.

Researchers said the samples identified were named “diff98.php” and “wrgcduzk.php” and were found in the WordPress core directories. Upon further inspection, the malicious ionCube file code contains subtle differences, such as a bogus “il_exec” line rather than the legitimate “_il_exec” line.

“From our findings, there’s a reference to the ioncube.com domain name in some form or another in every legitimate ionCube file, but it is not present in the fake files. Also notice that the fake file has a code block after the PHP closing tags, much like the legitimate ionCube file. But unlike the real file, this code block consists only of alphanumeric characters and newlines,” according to an upcoming SiteLock blog outlining its research.
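The three differences quoted above can be turned into a triage check over a site's PHP files. The Python sketch below is an added example, not SiteLock's tooling or code from the article; the function names are hypothetical, and the two sample files are constructed to carry only the traits the article names, not real ionCube or malware content.

```python
import re
from pathlib import Path

# "il_exec" with no identifier character in front, i.e. missing its underscore.
BOGUS_CALL = re.compile(r"(?<![A-Za-z0-9_])il_exec\b")
GENUINE_CALL = re.compile(r"(?<![A-Za-z0-9])_il_exec\b")
VENDOR_REF = re.compile(r"ioncube\.com", re.IGNORECASE)
ALNUM_ONLY = re.compile(r"[A-Za-z0-9\r\n]+")


def trailing_block(text):
    """Return whatever follows the last PHP closing tag ('' if there is none)."""
    _, sep, tail = text.rpartition("?>")
    return tail.strip() if sep else ""


def lookalike_findings(text):
    """List which of the article's three tell-tales apply to one file's text."""
    bogus = bool(BOGUS_CALL.search(text))
    genuine = bool(GENUINE_CALL.search(text))
    if not (bogus or genuine):
        return []  # file does not present itself as ionCube-encoded at all
    findings = []
    if bogus:
        findings.append("bogus 'il_exec' call (no leading underscore)")
    if not VENDOR_REF.search(text):
        findings.append("no reference to ioncube.com")
    tail = trailing_block(text)
    if tail and ALNUM_ONLY.fullmatch(tail):
        findings.append("trailing block is only alphanumerics and newlines")
    return findings


def scan_tree(root):
    """Check every .php file under root; return {path: findings} for hits."""
    hits = {}
    for path in sorted(Path(root).rglob("*.php")):
        text = path.read_text(encoding="utf-8", errors="replace")
        findings = lookalike_findings(text)
        if findings:
            hits[str(path)] = findings
    return hits


# Constructed sample with the traits the article attributes to the fake files.
FAKE_SAMPLE = """<?php // constructed sample for this example
if (!extension_loaded('Loader')) { die('loader missing'); }
return il_exec();
?>
AAAA1111bbbb2222CCCC3333
dddd4444EEEE5555ffff6666
"""

# Constructed sample with the traits the article attributes to genuine files.
LEGIT_SHAPED_SAMPLE = """<?php // constructed sample; loaders: www.ioncube.com
if (!extension_loaded('Loader')) { die('loader missing'); }
return _il_exec();
?>
4+oV5C/abc1==
x9/ZZ+1qq
"""

if __name__ == "__main__":
    for name, sample in (("fake", FAKE_SAMPLE), ("legit-shaped", LEGIT_SHAPED_SAMPLE)):
        print(name, lookalike_findings(sample))
```

A file with no findings is not thereby shown to be clean; the check encodes only the three differences quoted above and is meant to shortlist files for manual review.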

As for mitigation, besides more heavily scrutinizing ionCube files, SiteLock suggests sites update all CMS plugins and software.

Threatpost, by Tom Spring, February 27, 2018, 2:52 pm


#ALERT January 2018 Patch Tuesday security updates fix a zero-day vulnerability in MS Office #AcePCHelp News report

#ALERT 10/01/17: January 2018 Patch Tuesday security updates fix a zero-day vulnerability in MS Office #AceNewsDesk reports

http://ift.tt/2CPnxMp #AcePCHelpNews


Apple is launching a new iOS software update, dubbed iOS 11, on September 19 that will bring several new features to iPhones and iPads, here is how you install it #AcePCHelp reports

Apple is launching a new iOS software update, dubbed iOS 11, on September 19 that will bring several new features to iPhones and iPads, including support for augmented reality apps, an improved version of Siri with a more realistic voice, and a file management app for the iPad #AceNewsDesk reports

Apple announced at its iPhone event on September 12 that it would release the update on September 19.

While it hasn’t said precisely when users should expect the upgrade, Apple usually pushes out new software releases around 1:00 p.m. ET.

Here’s how to upgrade: Backup your iPhone or iPad before upgrading.

Your Apple device likely won’t encounter any issues when updating, but on the off chance your device does, having a backup means you won’t lose any of your data.

To initiate a backup, open the Settings menu and tap the area where your name and Apple ID are displayed. Then, choose “iCloud,” tap “iCloud Backup,” and select “Back Up Now.” Here, you’ll also see the last time your device has been backed up.

Once your iPhone or iPad is backed up, you’re ready to download and install the update.

To start the process, open the Settings menu on your mobile device and tap “General.” Next choose “Software Update.” This will prompt your device to check for updates. Tap “Download and Install” to start the upgrade process.

And if you want to see more details about the update before installing, you can do so by pressing the “Learn More” option #AceNewsDesk reports are provided by Sterling Publishing & Media News

EDITOR: Thanks for following as always appreciate every like, reblog or retweet for all our daily news and minute by minute 24-hours a day on https://t.me/acenewsdaily and free help and guidance tips are on AcePCHelp.WordPress.Com or you can follow our news posts on AceBreakingNews.WordPress.Com or become a member on Telegram https://t.me/acebreakingnews

Researcher Discloses 10 Zero-Day Flaws in D-Link 850L Wireless Routers #HackersNews #AcePCHelp reports

#AceSecurityNews – Sept.16: A security researcher has discovered not one or two but a total of ten critical zero-day vulnerabilities in routers from Taiwan-based networking equipment manufacturer D-Link which leave users open to cyber attacks #AceNewsDesk reports

https://t.me/TheHackerNewsRSS/333

D-Link DIR 850L wireless AC1200 dual-band gigabit cloud routers are vulnerable to 10 security issues, including “several trivial” cross-site scripting (XSS) flaws, lack of proper #AceNewsDesk reports are provided by Sterling Publishing & Media News


#Linux Today, GNOME 3.26 codenamed “Manchester” sees new release its chock full of improvements in readiness for release of #Ubuntu 17:10 which is due next month #AcePCHelp reports

GNOME 3.26 Released: It is chock full of improvements, such as a much-needed refreshed settings menu, enhanced search, and color emoji! Yes, Linux users like using the silly symbols too! “System search has been improved for GNOME 3.26” #AcePCHelp reports

Published on September 14, 2017
BetaNews Report: Results have an updated layout which makes them easier to read and shows more items at once. Additionally, it’s now possible to search for system actions, including power off, suspend, lock screen, log out, switch user and orientation lock. (Log out and switch user only appear if there’s more than one user. Orientation lock is only available if the device supports automatic screen rotation.) These search features can be accessed in the usual way: click Activities and type into the search box, or simply press ‘super’ and start typing,” says the GNOME Project. The full release notes are available here:

When people think of Linux-based operating systems, they often imagine people typing in a terminal or coding in a basement while drinking Mountain Dew — yeah, those stupid old stereotypes still exist, sadly. While that is surely part of the user base, other users choose an open source operating system for nothing more than using their computer as a tool. In other words, some folks use Ubuntu, Fedora, or other distros just to get normal stuff done — word processing, web surfing, and more. No terminal. No coding. No religious-like experiences.

For these Linux users, and others, the desktop environment sort of is the operating system. It is how they interact with their computer and launch their apps — what’s under the hood doesn’t necessarily matter. For many, GNOME 3 is their preferred environment, and for good reason — it is beautiful, intuitive, and getting better all the time. Today, GNOME 3.26 codenamed ‘Manchester’ sees release. It is chock full of improvements, such as a much-needed refreshed settings menu, enhanced search, and color emoji! Yes, Linux users like using the silly symbols too!

“System search has been improved for GNOME 3.26. Results have an updated layout which makes them easier to read and shows more items at once. Additionally, it’s now possible to search for system actions, including power off, suspend, lock screen, log out, switch user and orientation lock. (Log out and switch user only appear if there’s more than one user. Orientation lock is only available if the device supports automatic screen rotation.) These search features can be accessed in the usual way: click Activities and type into the search box, or simply press ‘super’ and start typing,” says the GNOME Project.


The project further says, “GNOME 3.26 introduces a new layout to the Settings application. The previous grid of icons is gone and, in its place, a sidebar allows switching between different areas. The new sidebar makes it much easier and quicker to navigate the settings application and places the most commonly used settings within easy reach. It also means that the Settings window is now bigger and can be resized, which is more comfortable in a lot of situations. GNOME’s network settings have been improved as part of this work: Wi-Fi now has its own dedicated settings area and network settings dialogs have been reworked, so that they are neater, clearer and easier to use.”


GNOME 3.26 has many other changes (24,105 actually!), with just some listed below. You can read the full release notes here.

  • Windows now smoothly transition when they are maximized, unmaximized or snapped to one half of the screen. As well as looking good, this makes it easier to track what’s happening on screen.
  • The size of window thumbnails has been increased in the Activities Overview, making it easier to pick the window you want.
  • The top bar now becomes transparent when there aren’t any maximized windows. This is more attractive and gives a better sense of space.
  • The dialogs which inform you when an application isn’t responding have a new style, making them look more integrated and refined.
  • Boxes, the GNOME application for virtual and remote machines, now allows folders to be shared between a virtual machine and your computer. To use this feature, just select which folders you want to share from the box settings, and they will appear as network locations in the guest.
  • In Software, updates are now grouped by type and provide more accurate progress information when being installed.
  • Simple Scan, the GNOME application for scanning images and documents, has had some interface improvements for 3.26. A new start screen provides some useful guidance, editing tools are easier to identify and preferences can be accessed from the header bar.
  • Logs now groups similar messages together, which makes the history much shorter, making it easier to find what you’re looking for.
  • Polari — the IRC application — has a new initial setup assistant, which makes it easy to get connected and start chatting.
  • When you resize a file system in Disks it’s now possible to also resize its partition, which often saves an extra task.
  • Maps has a collection of small improvements: there are new keyboard shortcuts, more information is shown about places and the last transportation method is remembered when plotting routes.
  • GNOME’s calendaring, contacts, to do and mail applications now perform better offline — many items can now be edited when you don’t have an internet connection, and any changes will be uploaded the next time you are online.
  • Photos has new controls for zooming.
  • It’s now possible to add and edit reoccurring events in Calendar.
  • Terminal now highlights and makes it easy to open hyperlinks.
  • In Evolution, the new To Do bar allows you to view a list of upcoming events and tasks. Also, it’s now possible to use Evolution without having a mail account.
  • Tweak Tool has been renamed to Tweaks and has gained three new settings: a switch to move window buttons to the left or right, a Disable While Typing option for touchpads and an option to show the battery percentage in the top bar. There has also been a good amount of clean up and refinement.


The easiest way to try GNOME 3.26 is to wait for the desktop environment to become available for your favorite Linux distribution. Ubuntu users, for instance, won’t have to wait long; GNOME 3.26 will be the default DE for version 17.10 which is due next month. Users of other Linux-based operating systems might have a longer wait, unfortunately #AcePCHelp reports are provided by Sterling Publishing & Media News


#Firefox57 Will Hide Search Bar and Use a Uni-Bar Approach, Like Chrome: Mozilla will drop an iconic section of its UI — the search bar — and will use one singular input bar atop the browser, similar to the approach of most Chromium browsers #AceNewsDesk reports

#AcePCHelp – Sept.09: This change will go live in #Firefox57, scheduled for release on November 14, and will be part of Photon — the codename used to describe Firefox’s new user interface (UI) — also scheduled for a public release in v57. Mozilla engineers aren’t removing the search bar altogether, but Firefox will hide this UI element by default #AceNewsDesk reports

Published on September 09, 2017 at 03:00AM: Bleeping Computer Report: Users can still re-enable it by going to “Preferences -> Search -> Search Bar” and choosing the second option.

The current Firefox search bar is redundant since most of its features can be performed by the URL address bar. #AceNewsDesk reports are provided by Sterling Publishing & Media News
