Wow, i haven't updated this blog in a while so here's a new browser security tip.
Seeing that Mozilla has accepted the China Internet Network Information Center as a trusted CA root, that got me a little worried since i use firefox as my main web browser. I took the following steps to disable the CINNIC root CA.
For firefox
Select "Tools", then "Options".
Click "Advanced", "Encryption" and "View Certificates".
Scroll down to "CNNIC" and select the "CNNIC Root" certificate.
Finally click "Edit", uncheck "This certificate can identify web sites" and press OK on all open windows.
Now even if the root certs are updated, that cert remains untrusted.
For Internet explorer
select "Tools", "Internet Options", "Content", "Certificates", "Trusted Root Certification Authorities", select the certificate you want, then click "Advanced", uncheck the "Server Authentication" role and then click "Ok", "Close", and "OK" again to finally make your change stick.
This is a precaution i took against any possible man-in-the middle attack originating from china. Hope this was informative :)
Seeing that Mozilla has accepted the China Internet Network Information Center as a trusted CA root, that got me a little worried since i use firefox as my main web browser. I took the following steps to disable the CINNIC root CA.
For firefox
Select "Tools", then "Options".
Click "Advanced", "Encryption" and "View Certificates".
Scroll down to "CNNIC" and select the "CNNIC Root" certificate.
Finally click "Edit", uncheck "This certificate can identify web sites" and press OK on all open windows.
Now even if the root certs are updated, that cert remains untrusted.
For Internet explorer
select "Tools", "Internet Options", "Content", "Certificates", "Trusted Root Certification Authorities", select the certificate you want, then click "Advanced", uncheck the "Server Authentication" role and then click "Ok", "Close", and "OK" again to finally make your change stick.
This is a precaution i took against any possible man-in-the middle attack originating from china. Hope this was informative :)
No comments:
Post a Comment