DigiNotar, a digital Certificate Authority (CA), has confirmed that its infrastructure was breached in July and a fraudulent SSL certificate was available until yesterday.
A Google Chrome user in Iran posted his suspicion of a man-in-the-middle attack via a fake certificate that may have been obtained by his ISP or the Iranian government, which enabled the holder to intercept Gmail messages. Google said it has removed the fraudulent *.google.com certificate from Chrome and intends to remove trust for all DigiNotar certificates from its browser.
Chrome was apparently able to detect the fake certificate due to a recent security update in the browser. Mozilla said that it was informed by Google about the problem and issued a warning. Microsoft also published a security advisory and says users running Windows Vista and above are automatically protected via the company's certificate trust list. Mozilla said that it has revoked the certificate, but does not know the extent of the security breach and will release security updates for all of its browsers just to be safe. Both Mozilla and Microsoft said that DigiNotar certificates are no longer trusted.
A post by the Electronic Frontier Foundation (EFF) also notes a possible attack and questions the security of digital certificates that are provided by CAs. Vasco, the parent company of DigiNotar, provided a few details of the security breach, most likely in response to the Google announcement. The CA said that it detected the breach in July and deleted all affected certificates, but missed the fraudulent Google certificate. There was no immediate information on how many users may have been affected by the breach.