homepage Welcome to WebmasterWorld Guest from 54.166.33.25
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Home / Forums Index / Google / Google Finance, Govt, Policy and Business Issues
Forum Library, Charter, Moderators: goodroi

Google Finance, Govt, Policy and Business Issues Forum

    
Google users targeted by forged security certificate
Sgt_Kickaxe

WebmasterWorld Senior Member sgt_kickaxe us a WebmasterWorld Top Contributor of All Time



 
Msg#: 4357146 posted 1:18 pm on Aug 31, 2011 (gmt 0)

The forgery was issued to the unknown attackers on 10 July by DigiNotar, a Dutch SSL certificate authority. For more than two months it would have allowed them to set up fake versions of Google websites that appeared genuine to users and their web browsers.

[telegraph.co.uk...]

 

willybfriendly

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 4357146 posted 2:40 am on Sep 1, 2011 (gmt 0)

Also in The Register [theregister.co.uk]

“This CA should receive an internet death sentence as their carelessness may have resulted in deaths in Iran,” an unknown researcher who verified the certificate wrote. “This cert was issued in JULY of 2011 and it is now just a few days before SEPTEMBER. It is being used in the wild against real people in Iran *right* now.”

...“While we investigate, we plan to block any sites whose certificates were signed by DigiNotar,” a statement issued by Google announced.

lammert

WebmasterWorld Senior Member lammert us a WebmasterWorld Top Contributor of All Time 5+ Year Member



 
Msg#: 4357146 posted 1:19 am on Sep 3, 2011 (gmt 0)

The issue is much broader than just the Google certificates. Also many government certificates in the Netherlands are signed by Diginotar. A few hours ago the ministry of Internal Affairs in the Netherlands announced that the Dutch government will stop using Diginotar as a certificate issueing body. The announcement was made by minister Piet Hein Donner himself, which is an indication that the Dutch government takes this hack very seriously.

The source of the hack and the fake certificates seems to be Iran. Besides a fake certificate for google.com, also certificates have been issued for the Yahoo and Mozilla site, and a number of blog platforms including WordPress.

Dijkgraaf

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 4357146 posted 1:07 am on Sep 5, 2011 (gmt 0)

Also certificates for the www.cia.gov, www.sis.gov.uk, *.mossad.gov.il and various companies. A good writeup at [blog.gerv.net...]

Dijkgraaf

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 4357146 posted 2:58 am on Sep 7, 2011 (gmt 0)

After hacking claims, second firm pulls digital certificates
GlobalSign is no longer issuing digital certificates as it investigates the incident


[computerworld.com ]

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Google / Google Finance, Govt, Policy and Business Issues
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved