Rogue Google/Gmail SSL "wildcard" certificate

Any research, news or information regarding the wide variety of techniques criminals use to take over your computers or web servers.

Rogue Google/Gmail SSL "wildcard" certificate

Postby NotBuyingIt » Tue Aug 30, 2011 1:19 am

"A certificate authority in the Netherlands issued a valid SSL wildcard certificate for Google to a third party in July, leading to concerns that attackers may have been using the certificate to route sensitive traffic through their own servers, capturing it and compromising user data in the process. The certificate was revoked by the CA, DigiNotar, after the problem came to light Monday."

source:
https://threatpost.com/en_us/blogs/atta ... -it-082911

This story has also been Slashdoted
NotBuyingIt
Spammer Killing Machine
 
Posts: 611
Joined: Sun Jun 13, 2010 5:22 pm

Re: Rogue Google/Gmail SSL "wildcard" certificate

Postby Volksjaeger » Tue Aug 30, 2011 11:11 am

http://www.f-secure.com/weblog/archives/00002228.html
It looks like Diginotar has been having some problems for quite a while.
Verloren ist nur, wer sich selbst aufgibt!
User avatar
Volksjaeger
Spam Muncher
 
Posts: 787
Joined: Thu Dec 25, 2008 8:39 pm

Re: Rogue Google/Gmail SSL "wildcard" certificate

Postby NotBuyingIt » Sat Sep 03, 2011 7:12 pm

The New York Times (3-September-2011)
"An official ... said the [Dutch] government was taking over [DigiNotar's] operations."

Google Chrome:
"We're revoking trust for SSL certificates issued by DigiNotar-controlled intermediate CAs used by the Dutch PKIoverheid program."
NotBuyingIt
Spammer Killing Machine
 
Posts: 611
Joined: Sun Jun 13, 2010 5:22 pm


Return to Botnets, Hijacks and Hacking

Who is online

Users browsing this forum: No registered users and 1 guest

cron