close
This ad will auto close in 10 seconds

Google users in Iran targeted in certificate scam

A false Internet security certificate has been used in an attempt to snoop on Google users in Iran.



Washington: A false Internet security
certificate has been used in an apparent attempt to snoop on
Google users in Iran, according to the Internet search giant
and computer security firms.

A Dutch company, DigiNotar, which issues the Internet
security credentials known as SSL certificates, said today
that it had revoked the "fraudulent certificate" in question.

SSL certificates are used to verify to visitors that a
particular website is authentic and are issued by DigiNotar
and other firms known as Certification Authorities.

Internet users whose browsers are fooled by a false
certificate could unwittingly reveal their activity to another
party in what is known as a "man-in-the-middle attack."

DigiNotar said it had suffered an "intrusion" into its
Certificate Authority infrastructure on July 19 which resulted
in the "fraudulent issuance of public key certificate requests
for a number of domains, including Google.com."

"At that time, an external security audit concluded that
all fraudulently issued certificates were revoked," DigiNotar
said. "Recently, it was discovered that at least one
fraudulent certificate had not been revoked at the time.

"After being notified by Dutch government organization
Govcert, DigiNotar took immediate action and revoked the
fraudulent certificate," it said.

Google said in a blog post late yesterday that it had
"received reports of attempted SSL man-in-the-middle attacks
against Google users, whereby someone tried to get between
them and encrypted Google services.

"The people affected were primarily located in Iran,"
said Heather Adkins, an information security manager at
Google.

"The attacker used a fraudulent SSL certificate issued by
DigiNotar, a root certificate authority that should not issue
certificates for Google," she said.

Adkins said users of the Google Chrome Web browser were
protected from the attack "because Chrome was able to detect
the fraudulent certificate."

"To help deter unwanted surveillance, we recommend that
users, especially those in Iran, keep their Web browsers and
operating systems up to date and pay attention to Web browser
security warnings," she added.

PTI

From Zee News

0 Comment - Join the Discussions

trending

photo gallery

video


WION FEATURES

K8 Plus: Lenovo's new phone available @ Rs 10,999

Heavy security outside Dera Sacha Sauda headquarters in Sirsa as search operation begins

WATCH Exclusive: After Doklam standoff, India begins road construction near LAC

Hurricane Irma, rampaging through Caribbean, is most enduring super-storm on record

Three train derailments in 1 day, fourth accident narrowly-averted

China says Indian Army chief's views contrary to those expressed by Modi, Xi