Forged security certificate targets Google users

By Lee Kaelin on August 30, 2011, 2:53 PM

It has been confirmed that DigiNotar, an SSL certificate authority from the Netherlands, issued an Internet security certificate to unknown attackers on July 10th. For over 2 months this certificate would have allowed them to set up fake copies of Google websites that appeared genuine to the majority of users, and to collect login information for all of the company's services, including Gmail.

It's still unknown how attackers managed to get the fake google.com security certificate issued. First reports of the scam came from an Iranian web user, who posted the information in a Google help forum, sparking speculation that the Iranian government had been involved in the attack and subsequent release of the security certificate.

Google Chrome's built-in security measures did their part in questioning the authenticity of the certificate, but it is very likely that many others were unaware of the problem. This follows a similar incident earlier in the year, when Comodo found itself the victim of a hack, with fake certificates for several high-profile companies released under its name. Evidence gathered during the investigation of that attack suggested it came from within Iran.

The Electronic Frontier Foundation (EFF) commented that the incident highlighted fundamental issues with SSL and with the authorities, such as DigiNotar, that issue certificates. "The certificate authority system was created decades ago in an era when the biggest on-line security concern was thought to be protecting users from having their credit card numbers intercepted by petty criminals," the EFF said. "Today internet users rely on this system to protect their privacy against nation-states. We doubt it can bear this burden."

Google, in the meantime, has taken steps to block all sites issued with DigiNotar security certificates pending a full investigation. Mozilla has also posted an easy guide to removing the fraudulent DigiNotar SSL certificate from your browser.




User Comments: 7

Julio Franco, TechSpot Editor, said:

Better be safe than sorry, I just found that certificate on my Firefox install that I use for work.

mailpup said:

I found it on my Firefox too. I followed the directions and got rid of it.

Archean, TechSpot Paladin, said:

Luckily I don't use Google so I am not worried about it (and there is no DigiNotar certificate on my notebook). I think Google is doing the right thing with checking all DigiNotar-issued certificates.

mario, Ex-TS Developer, said:

Found it on my Mac. To remove it for Safari or Chrome you have to open Keychain Access and search for DigiNotar.

StrayEagle said:

Wow... I wonder how widespread this was... I've found it on all my computers.

WinXPert said:

Got it too and already removed it in FF.

war59312 said:

Same here. Crazy it took 2 months to notice it.
