Home The fate of Qt users after DigiNotar security breach – The way forward

The fate of Qt users after DigiNotar security breach – The way forward

Dutch notary, Dick Batenburg, established DigiNotar in 1998 and it was subsequently sold to VASCO Data Security International on January 10, 2011. At the time, Jan Valcke, VASCO’s president, was quoted to have said that “We believe that DigiNotar’s certificates are among the most reliable in the field. However, it took only 9 months after his statement for DigiNotar to be faced with severe perils. From our previous post which listed the series of events since DigiNotar first noticed the breach on its system, you will know that there is a growing level of concern amongst users of this or related systems. Well, lets not hit on the harm that has been done but profer a solution.

Whats the way forward

Initially, DigiNotar made a statement that all its intermediate certificates are safe but this has turned out to be false. With this recent development, blacklisting only the DigiNotar root certificate does not take care of the imminent threat. The cross-signed intermediaries which ultimately depends on the DigiNotar root certificate need to be blacklisted too. All DigiNotar intermediates and root certificate have been blacklisted. See patches below

For Qt versions 4.7.3 and 4.7.4:

Comodo fraudulent certificates have been blacklisted and the patch used for blacklisting has been applied to earlier versions. (see the blog post on the Comodo attack):blacklist-diginotar-certs.diff

For Qt versions 4.7.0, 4.7.1 and 4.7.2:

A fix for this problem has been incorporated in all upcoming versions including 4.8 and 5. (see e.g. the Qt 5 commit, the commits in the 4.7 and 4.8 repositories are not public yet). blacklist-diginotar-and-comodo-certs.diff
 
Source Qt Labs Developer Blogs

About ReadWrite’s Editorial Process

The ReadWrite Editorial policy involves closely monitoring the tech industry for major developments, new product launches, AI breakthroughs, video game releases and other newsworthy events. Editors assign relevant stories to staff writers or freelance contributors with expertise in each particular topic area. Before publication, articles go through a rigorous round of editing for accuracy, clarity, and to ensure adherence to ReadWrite's style guidelines.

Get the biggest tech headlines of the day delivered to your inbox

    By signing up, you agree to our Terms and Privacy Policy. Unsubscribe anytime.

    Tech News

    Explore the latest in tech with our Tech News. We cut through the noise for concise, relevant updates, keeping you informed about the rapidly evolving tech landscape with curated content that separates signal from noise.

    In-Depth Tech Stories

    Explore tech impact in In-Depth Stories. Narrative data journalism offers comprehensive analyses, revealing stories behind data. Understand industry trends for a deeper perspective on tech's intricate relationships with society.

    Expert Reviews

    Empower decisions with Expert Reviews, merging industry expertise and insightful analysis. Delve into tech intricacies, get the best deals, and stay ahead with our trustworthy guide to navigating the ever-changing tech market.