Even if the Diginotar breach was mitigated by removing the company's root certificates from Firefox and Thunderbird, Mozilla users are still at risk because the hacker claims to have compromised four more CAs as well, one of them being Globalsign.
His successful attacks against Comodo, Startcom and Diginotar are reason enough to take this threat seriously, so Mozilla has sent an urgent letter to all CAs asking them to take several steps meant to find and mitigate any possible compromises.
"This note requests a set of immediate actions on your behalf, as a participant in the Mozilla root program. [...] Please confirm completion of the following actions or state when these actions will be completed, and provide the requested information no later than September 16, 2011," the organization wrote in its letter.
The link for this article located at The Inquirer is no longer available.
