Ich Sun is back, claiming the #MostSophisticatedHackOfAllTime

You may have read my comodogate article back in March where I reported that the comodogate hacker, going by the name Ich Sun told me “…there is a lot of vulnerable CAs, I got some other stuff”. Well, in the last 24 hours he claims to have been responsible for the DigiNotar compromise and a few minutes ago provided another update; in these updates he reveals that as a 21 year old Iranian, he has compromised another 4 certificate authorities (CAs) as well as reverse engineered windows update (update your windows here). What do these hacks do? He can impersonate any secure website he wishes, which includes impersonating google and gmail which has already been seen in the wild using these certificates. The certificate authority model that secures the internet as we know it today will change as a result of this, so it has some serious impact.

What can you do?

• Update your Windows update
• Upgrade your browser (Firefox, Chrome, Opera, Safari, Internet Explorer etc) to the latest version! (all major browsers have removed the DigiNotar CA in their latest release)

If you’re on twitter, I’ve found the most interesting discussion on the topic between [Kevin S McArthur](https://twitter.com/#!/kevinsmcarthur), [Moxie Marlinspike ](https://twitter.com/moxie__)and [Marsh Ray](https://twitter.com/#!/marshray), although it’s fairly technical in nature due to the complexity of this attack. Otherwise, stay tuned here for updates, or [ask us your questions](https://twitter.com/#!/privasectech).