Rogue web certificate could have been used to attack Iran dissidents
Guardian / Charles Arthur
30-Aug-2011
Rogue web certificate could have been used to attack Iran dissidents

Flaw could have let attackers steal passwords and data from apparently secure connections to Google sites such as Gmail

Security researchers are warning a web certificate is being used that could let hackers steal passwords and data from apparently secure connections to Google sites such as Gmail.

 

Internet users in Iran are believed to be at particular risk from the rogue SSL certificate, which is used to digitally "sign" HTTPS connections to any google.com site and was issued by a Dutch company called DigiNotar on 10 July. In particular, dissidents who trust Google's systems for their security may have been targeted in the attack.

 

DigiNotar – which does not have any direct business relationship with Google – has not said who the certificate was issued to, but the effect would be that someone could think they were logged securely into a site and that their communication would be encrypted; but instead attackers controlling the network could eavesdrop on all their keystrokes, including passwords. This is known as a "man in the middle"... >>>

recommended by vildemose

Share/Save/Bookmark