Message To Iranians

I have just read part of the unreleased Fox-IT report on DigiNotar, which should be published in full soon. This should already have been obvious from what is publicly known, but if you are in Iran, you should:

  • Update your browser and/or Windows (in Firefox: go to Firefox menu | Help | About Firefox)
  • log out of and back into every email and social media service you have (to invalidate any captured cookies) – particularly ones on this list
  • change your password for each of those sites

Anyone: feel free to publicize this.

3 thoughts on “Message To Iranians

  1. Rather than logging out and in of every service, it would be quicker and safer for users to just clear their cookies. Additionally, users should clear their browser cache to ensure that any malicious items are removed (e.g. javascript files with additional nasty code injected)

  2. @paulstone logout and delete the cached files, if the server still has an idle session hijackers can still use that session =)

    @gerv nice post, but if they haven’t updated there firefox or windows yet. They are still vunerable. (no blacklisted certs/no ocsp).

    quite trickey :)

  3. I would say that logging out and then logging in is more effective than just clearing all cookies. If you explicitly log out at a website, the session is also terminated at their end and some malicous attacked would not be able to hijack any old session.