Fake Google Certificate Puts Gmail at Risk2011-08-30 09:21 by Daniela
Tags: Gmail, SSL, DigiNotar
A fake web certificate has been circulating for nearly two months, allowing hackers to steal passwords and data from Google sites. Internet users in Iran are supposed to be at particular risk from the rogue SSL certificate, which is used to digitally "sign" HTTPS connections to any google.com site and was issued by a Dutch company called DigiNotar on 10 July.
The counterfeit certificate is valid for *.google.com, giving its unknown holders the means to mount transparent attacks on a wide range of Google users who access pages on networks controlled by the counterfeiters.
Google says it is now marking DigiNotar as untrusted in the next release of Chrome; Mozilla is doing the same in new versions of Firefox, Firefox Mobile and Thunderbird.
Read more -here-