
Google users targeted with fraudulent SSL certificate

Around 300,000 unique IP addresses originating from Iran requested access to google.com using a rogue certificate issued by the digital certificate authority DigiNotar. The report from security firm Fox-IT was published yesterday. Google also issued a blog post on the problem.

The rogue certificate was revoked on August 29th. Fox-IT said in its report, “Around 300.000 unique requesting IPs to google.com have been identified.” Of these, 99 percent were traced to Iran.

The IP addresses were passed to Google so that it could inform users that their email could have been intercepted during this period. As well as email addresses, the login cookie could very likely have been compromised, meaning that Google services such as Gmail could be accessed by unauthorised parties.

Fox-IT said that the login cookie will stay active for a much longer time period and that people from Iran should change their passwords for security reasons.

According to ComputerWorld “A sample of the IP addresses outside of Iran during the period were mainly Tor-exit nodes, proxies and other VPN (virtual private network) servers, and almost no direct subscribers, according to the report which analyzed OCSP (Online Certificate Status Protocol) request logs.

Current browsers perform an OCSP check as soon as the browser connects to an SSL (secure sockets layer) website protected through the https (hypertext transfer protocol secure) protocol.

Tor is a distributed anonymous network used by people to prevent being tracked by websites or to connect to instant messaging services and other services when these are blocked by their local Internet service providers.

A total of 531 digital certificates were issued for domains that included google.com, the CIA, and Israel's Mossad.

The list of domains and the fact that 99 percent of the users are in Iran suggest that the objective of the hackers was to intercept private communications in Iran, Fox-IT said.”

KitGuru says: Chrome users were safe from the attack because the browser was able to detect the fraudulent certificate.
