Google Wildcard SSL Certificate Stolen and Publicly Posted
- Author: James Anderson
This means that anyone with this certificate could perform a "man-in-the-middle" attack to target Gmail users, Google Plus users, or anyone else using Google's online services.
If a hacker is going to steal a certificate, this is definitely the one to get, since it's considered a wildcard certificate - good for any .Google.com domain. All a hacker has to do is present a fake web site which looks like Google, by poisoning DNS or other means, and then present the stolen certificate. Because the certificate is legitimate for any .Google.com domain, users would have no warning at all that anything is amiss. The attacker could then easily steal your login credentials, gaining access to all of your Google services.
The stolen certificate was issued by DigiNotar, a Dutch-based certificate authority (CA). It's not known if DigiNotar was hacked or if the certificate was stolen by other means.
"The certificate authority system was created decades ago in an era when the biggest on-line security concern was thought to be protecting users from having their credit card numbers intercepted by petty criminals," said the Electronic Frontier Foundation, a digital rights group based in the United States. "Today internet users rely on this system to protect their privacy against nation-states. We doubt it can bear this burden."
There have already been reports of Iranian web users being attacked using the stolen certificate, but Google Chrome was already updated to thwart the attack. Google has also already revoked the certificate so that it no longer works.
Google said in a statement yesterday that they were "pleased that the security measures in Chrome protected the user and brought this attack to the public's attention. While we investigate, we plan to block any sites whose certificates were signed by DigiNotar."
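The following is an added illustration, not code from the article, Google or Chrome. It shows why hostname matching alone accepts a wildcard certificate for Google's services, so a client-side defense has to reject by issuer, as the DigiNotar block described above does. The certificate dicts follow the shape returned by Python's `ssl.SSLSocket.getpeercert()`; the sample values, the `evaluate` helper and matching on the issuer's organization name are assumptions made for the example.

```python
# Added example: dict shapes follow ssl.SSLSocket.getpeercert().
# Assumption: distrust is keyed on the issuer organizationName.
DISTRUSTED_ISSUER_ORGS = {"diginotar"}

def _name_field(name, key):
    """Return the first value of `key` from a getpeercert()-style name."""
    for rdn in name:
        for k, v in rdn:
            if k == key:
                return v
    return None

def wildcard_match(pattern, host):
    """Left-most-label wildcard match: '*' stands for exactly one label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        return len(p_labels) > 2 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels

def evaluate(cert, host):
    """Return (accept, reason) for a peer certificate presented for `host`."""
    org = _name_field(cert.get("issuer", ()), "organizationName") or ""
    # Issuer check comes first: a valid hostname match must not override it.
    if any(bad in org.lower() for bad in DISTRUSTED_ISSUER_ORGS):
        return False, "issuer distrusted: " + org
    sans = [v for t, v in cert.get("subjectAltName", ()) if t == "DNS"]
    if not any(wildcard_match(s, host) for s in sans):
        return False, "hostname not covered"
    return True, "ok"

# Constructed sample certificates (not real certificate data).
ROGUE = {
    "issuer": ((("countryName", "NL"),), (("organizationName", "DigiNotar"),)),
    "subjectAltName": (("DNS", "*.google.com"),),
}
OTHER = {
    "issuer": ((("organizationName", "Example Trusted CA"),),),
    "subjectAltName": (("DNS", "*.google.com"),),
}

if __name__ == "__main__":
    for label, cert in (("rogue", ROGUE), ("other", OTHER)):
        for host in ("mail.google.com", "plus.google.com", "google.com"):
            print(label, host, evaluate(cert, host))
```

Production trust stores distrust a CA by its certificate or key rather than by a name string; the name match here only keeps the example short.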