DigiNotar Browser Response
DigiNotar are a Dutch certificate authority that were hacked recently. Their role in the grand scheme of the internet is to issue the certificates that allow secure connections to websites (SSL/HTTPS, as used on shopping websites and the like). The hackers generated a number of fraudulent certificates and used them as part of an elaborate attack against Iranian Gmail users, amongst other things.
Browsers are provided with technology and/or “trust” lists to allow them to verify the authenticity of the website you are using, and they rely on the integrity of certificate authorities like DigiNotar for that. What is interesting, then, is how each browser manufacturer responds when a trusted authority is compromised.
I would like to quote a section from Wikipedia on this issue:
In reaction, Microsoft removed the DigiNotar root certificate from its list of trusted certificates with its browsers on all supported releases of Microsoft Windows to protect its users. Likewise, Mozilla released new versions of its Firefox browser, revoking trust in the DigiNotar root certificate. Google Chrome was able to detect the fraudulent certificate, but Google still removed DigiNotar from the list of trusted certificate issuers. Opera always checks the certificate revocation list of the certificate’s issuer and did not need a security update. Safari and Mac OS X do not detect the certificate’s revocation, and users must use the Keychain utility to manually delete the certificate, then restart Safari, to clear DigiNotar certificates from the system.
In summary: Internet Explorer and Firefox jumped on the issue and have released updates to block access to these fraudulent certificates. Chrome and Opera didn’t even need an update because they detected the fraud automatically. Safari has done nothing, yet.
It’s hard to ignore the elephant in the room at this point, and while I’m not going to say it outright, perhaps you, yes you, should consider your browser choice more carefully.
Entry created with Opera 11.5 on Ubuntu 11.04, and yes, I do feel a little smug.