In light of the disclosure on Wednesday about 9 fraudulent SSL certificates being issued by a partner of Comodo, was quick to respond with an update to protect users of .

however has not reacted leaving many OS X users in the dark. Mike Shannon from SophosLabs did some research for me this week so we could provide a guide on configuring your Mac to be secured against these bogus certificates. Unfortunately, not all browsers behave the same on OS X, so we have to describe a few different processes to ensure maximum protection.

Apple Safari and both support the Apple Keychain application for managing digital certificates and determining who you trust.

You will need to open the Keychain Access application. Go to Applications -> -> Keychain Access or press Apple+Shift+U and open Keychain Access. Choose the Keychain Access menu in the Menu Bar and choose Preferences or press Apple-. Within the preferences dialog choose the certificates button and set both OCSP and CRL to “Best Attempt”.
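To confirm the change took effect, the stored values can be read back from Terminal. This is an added example, not part of the original article; it assumes Keychain Access saves these two preferences in the per-user defaults domain com.apple.security.revocation under the keys OCSPStyle and CRLStyle, and the function names are illustrative.

```shell
#!/bin/sh
# Added example: audit the revocation-checking preferences set in Keychain Access.
# Assumption: they are stored in the per-user defaults domain below,
# under the keys OCSPStyle and CRLStyle.
DOMAIN="com.apple.security.revocation"

# Print the stored value for one key, or "unset" if it was never written.
revocation_style() {
    defaults read "$DOMAIN" "$1" 2>/dev/null || echo "unset"
}

# Return 0 when the value enables revocation checking, 1 otherwise.
# BestAttempt is what the "Best Attempt" menu choice is assumed to store;
# the two Require* values are the stricter choices in the same menu.
style_ok() {
    case "$1" in
        BestAttempt|RequireIfPresent|RequireForAll) return 0 ;;
        *) return 1 ;;
    esac
}

# Check both keys, report each one, and return 1 if either needs attention.
audit_revocation() {
    audit_rc=0
    for audit_key in OCSPStyle CRLStyle; do
        audit_style=$(revocation_style "$audit_key")
        if style_ok "$audit_style"; then
            echo "OK    $audit_key=$audit_style"
        else
            echo "WARN  $audit_key=$audit_style (set it to Best Attempt in Keychain Access)"
            audit_rc=1
        fi
    done
    return $audit_rc
}

# Run the audit only where the macOS 'defaults' tool is available.
if command -v defaults >/dev/null 2>&1; then
    audit_revocation
fi
```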

Firefox users have some good news, some bad. The good news is that OCSP is enabled by default. For certificate authorities that support OCSP, Firefox will automatically protect you, and thankfully Comodo does provide an OCSP service. The bad news is that certificate revocation lists must be manually imported if a certificate that does not support OCSP must be revoked.

If you need to manually import a CRL, you can choose Firefox in the Menu Bar and select Preferences -> Advanced -> Encryption -> Validation.

Opera appears to have OCSP enabled by default, similar to Firefox. To manually import CRLs, choose Opera in the Menu Bar -> Preferences -> Advanced tab -> -> Manage Certificates -> Rejected tab and select Import.
