Iran Suspected of Breach in Acquired Google SSL Cert.
DigiNotar, a digital Certificate Authority (CA), has confirmed that its infrastructure was breached in July and a fraudulent SSL certificate was available until yesterday.
A Google Chrome user in Iran posted his suspicion of a man-in-the-middle-attack via a fake certificate that may have been obtained by his ISP or the Iranian government, which enabled it to intercept Gmail messages. Google said it has removed the fraudulent *.google.com certificate from Chrome and intends to remove trust for all DigiNotar certificates from its browser.
Chrome was apparently able to detect the fake certificate due to a recent security update in the browser. Mozilla said that it was informed by Google about the problem and issued a warning. Microsoft also published a security advisory and says users running Windows Vista and above are automatically protected via the company's certificate trust list. Mozilla said that it has revoked the certificate, but does not know of the extent of the security breach and will release security updates for all of its browser just to be safe. Both Mozilla and Microsoft said that all DigiNotar certificates are not trusted anymore.
A post by the Electronic Frontier Foundation (EFF) also notes a possible attack and questions the security of digital certificates that are provided by CAs. Vasco, the parent company of DigiNotar, provided a few details of the security breach, most likely in response to the Google announcement. The CA said that it detected the breach in July and deleted all affected certificates, but missed the fraudulent Google certificate. There was no immediate information how many users may have been affected by the breach.
- Researchers Observe a Black Hole Shredding a Star
- HP: We're Doing One Last Production Run of TouchPads
- Reduce Gas Consumption by 20% With a Smartphone
- Microsoft Patenting Multi-Screen, Multi-Touch Gestures
- Smartphones May Account for Majority of Phones by 2015
- HP Patents Ink Cartridge Vending Machines
- HTC's Vigor is a Beast and It May Have Beats Audio
- Toshiba to Intro Super Thin Honeycomb Tablet
- Report: Apple Working on a Television Set
- Solar Tower Project Powers 140,000 Homes
- Samsung Announces Three New Bada Smartphones
- iOS-Controlled Network Camera Spies on Kids, Guests
- HP is Planning an OTA Update for the TouchPad
- Wacom's Sketch Pen Ditches the Digitizer Tablet
- LG Turning Plasma HDTVs into Touchscreens
- Winners of the Cool Gear for Hot Summer Travel
- EA Asks: Do We Need Another Console Generation?
- Physicians Use Social Media To Recruit Study Particpants
- Government Files to Block AT&T's T-Mobile Acquisition
Not surprising....
Don't expect any "privacy" on the net once you plug that modem in...
Yea, yea, yea, there are people that claim things are "secure". But when you have military computers that are flat out not allowed connection to any network...... yep...
When isn't Iran in breach of anything?
A reply in kind to stuxnet perhaps (if the Iranian Govt. is confirmed to be involved, although at this moment it seems to be a rumor)?
A reply in kind to stuxnet perhaps (if the Iranian Govt. is confirmed to be involved, although at this moment it seems to be a rumor)?
This is domestic spying... How is it related in any way shape or form to stuxnet is beyond me. It was used by an Iranian ISP, so its pretty obvious who is behind this.
It is, but I was only referring to idea, not the target.
i just deleted it from my certificate list. heres how: http://support.mozilla.com/en-US/k [...] r-ca-cert. update all browsers
i just deleted it from my certificate list. heres how: http://support.mozilla.com/en-US/k [...] r-ca-cert. update all browsers
is just a link to make money, leads to a blank page on mozilla's site and routes through viglink which is a ad company.
is just a link to make money, leads to a blank page on mozilla's site and routes through viglink which is a ad company.
I guess its something with toms just run a search on support.mozilla.com
to test if your browser is safe from this certificate go to:
https://www.diginotar.com/Products/ [...] fault.aspx
so far for me chrome and firefox are safe but for IE9 its not and it does not allow me to remove the certificate manually.
Sorry tried again and not getting the Viglink redirect in Firefox but picked it up on IE9, so maybe its Internet Explorer misbehaving, sorry for the inconvenience.
just remove the period from the link
Not surprising....Don't expect any "privacy" on the net once you plug that modem in...Yea, yea, yea, there are people that claim things are "secure". But when you have military computers that are flat out not allowed connection to any network...... yep...
You are absolutely right, I know a couple of people who work in Defense. Their computers are not connected to the Internet. They also can't take camera phones or flash drives into work.