Google (NASDAQ:GOOG) Sept. 8 warned its Gmail users in Iran that their accounts may be compromised by the fake SSL (Secure Socket Layer) security certificate issued by Dutch security firm DigiNotar.
The search engine provider, believed to have between 150 million and 200 million Gmail users worldwide, said that its own servers and infrastructure were not compromised in the security attack.
DigiNotar validates and registers SSL certificates, which ensure secure communications for Websites. A computer hacker going by the handle “Comodohacker” stole a Google authentication certificate from DigiNotar in July.
Comodohacker used the certificate to execute a so-called “man-in-the-middle attack,” routing users to fake Web pages and enticing them to reveal their usernames and passwords. This would allow the hacker to access Iranian Gmail users’ messages and monitoring their conversations.
via Google Warns Iranian Gmail Users After DigiNotar Breach – Security – News & Reviews – eWeek.com.
Related articles
- Iranians Among Victims of DigiNotar Hack (bigthink.com)
- Google Contacts Iranian Users to Secure Gmail Accounts (pcworld.com)
- Comodo CEO Says DigiNotar Hack Was State-Sponsored (pcworld.com)