Wednesday, August 31, 2011

Fake DigiNotar SSL certificate impersonates Gmail and other Google services

Google Inc. reported a fraudulent SSL certificate issued by the DigiNotar Certificate Authority (CA) that is "valid for *.google.com". With it, man-in-the-middle (MITM) attacks can be launched against Google users, in which someone gets between them and encrypted Google services. The people affected were primarily located in Iran. According to a post published on Sunday by a user calling himself alibo, the counterfeit certificate surfaced when he tried to log into his Gmail account using the Google Chrome browser.

Google Chrome users were protected from this attack because Chrome was able to detect the fraudulent certificate. To further protect the safety and privacy of its users, Google will disable the DigiNotar certificate authority in Chrome while investigations continue. Mozilla and Microsoft also moved to protect their users soon after. This means that Chrome and Firefox users will receive alerts if they try to visit websites that use DigiNotar certificates.

» An update on attempted man-in-the-middle attacks | Google Online Security Blog
