How to Protect Yourself From Certificate Bandits

There have been two major Certificate Authority (CA) attacks this year. In March, a hacker successfully penetrated one of the largest CA's on the Web--Comodo--and managed to to himself (including one for Yahoo). The took place this week when a Dutch CA, Diginotar, was compromised and a number of fake certificates were issued.

So how does a Certificate Authority attack work? Certificate bandits break into companies--such as Comodo and Diginotar--that issue digital credentials that your browser uses to verify a website's identity. This credential tells your browser that the site can be "trusted," i.e. that it's not dangerous. Certificate bandits, however, can undermine this entire process by issuing fake certificates to themselves that allow them to masquerade as "safe" sites, such as Google, Mozilla, Skype, and AOL.

Here are four ways you can protect yourself from hackers wielding fraudulent certificates.

1. Keep your browser up to date.

Browser makers are quick to react to news of CA hacks, and block them by pushing out fixes to their products. Though some browsers do this with automatic updates, others require manual updating. Know how your browser updates itself (or, doesn't) and make sure you're running the latest version of the program. The faster your browser is updated, the faster hackers will be thwarted.

2. Enable certificate revocation in your browser.