Tuesday, August 30, 2011

Iranian Google Users Attacked with False Certificate

Some Google users in Iran have complained about an alert thrown by Chrome in the normal course of logging in to their Gmail accounts:

The warning in the previous image means that somebody is attempting an HTTPS stripping attack to get between Google users and Google's encrypted services, which would allow the attacker to expose personal information such as usernames and passwords.

Chrome was able to detect the attack because of its built-in certificate pinning and HSTS.
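How a pinning check rejects a certificate issued by an otherwise trusted CA, as an added example (not Chrome's code and not part of the original post). It assumes SHA-256 pins over the SubjectPublicKeyInfo in the style of RFC 7469; the host name, CA names and key bytes are constructed, and signature and root-store validation are assumed to have already passed.

```python
import base64, hashlib

def tlv(tag, body):
    """Encode one DER element (short-form length is enough for this sample)."""
    return bytes([tag, len(body)]) + body

def read_tlv(buf, pos):
    """Return (tag, body_start, end) of the DER element at pos."""
    first, start = buf[pos + 1], pos + 2
    if first < 0x80:                      # short-form length
        return buf[pos], start, start + first
    body = start + (first & 0x7F)         # long form: length bytes come first
    return buf[pos], body, body + int.from_bytes(buf[start:body], "big")

def spki_of(cert_der):
    """Return the raw SubjectPublicKeyInfo element of an X.509 certificate."""
    _, cert_body, _ = read_tlv(cert_der, 0)
    _, pos, tbs_end = read_tlv(cert_der, cert_body)
    fields = []
    while pos < tbs_end:
        tag, _, end = read_tlv(cert_der, pos)
        if tag != 0xA0:                   # skip the optional [0] version field
            fields.append(cert_der[pos:end])
        pos = end
    return fields[5]  # serial, sigAlg, issuer, validity, subject, then SPKI

def spki_pin(cert_der):
    """Base64 SHA-256 of the SPKI: unchanged by reissuance if the key is kept."""
    return base64.b64encode(hashlib.sha256(spki_of(cert_der)).digest()).decode()

def pin_check(host, chain, pins):
    """False when host is pinned and no certificate in chain carries a pinned key."""
    for domain, allowed in pins.items():
        if host == domain or host.endswith("." + domain):
            return any(spki_pin(c) in allowed for c in chain)
    return True  # unpinned host: only ordinary CA validation applies

def make_cert(issuer, subject, key):
    """Constructed stand-in: X.509 field layout, dummy values, no signature."""
    name = lambda s: tlv(0x30, tlv(0x0C, s.encode()))
    spki = tlv(0x30, tlv(0x30, b"") + tlv(0x03, b"\x00" + key))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + tlv(0x30, b"")
              + name(issuer) + tlv(0x30, b"") + name(subject) + spki)
    return tlv(0x30, tbs + tlv(0x30, b"") + tlv(0x03, b"\x00"))

# Constructed sample: both CAs are assumed to be trusted by the root store.
PINNED_CA = make_cert("Root", "Pinned CA", b"PINNEDKY")
OTHER_CA = make_cert("Root", "Other CA", b"OTHERKEY")
PINS = {"mail.example": {spki_pin(PINNED_CA)}}
GOOD_CHAIN = [make_cert("Pinned CA", "mail.example", b"SITEKEY1"), PINNED_CA]
ROGUE_CHAIN = [make_cert("Other CA", "mail.example", b"ROGUEKEY"), OTHER_CA]
```

`pin_check` accepts `GOOD_CHAIN` and rejects `ROGUE_CHAIN` for `mail.example` and its subdomains, while the same rogue chain passes for a host with no pins, which is why pinned sites surface this kind of mis-issuance and unpinned ones do not.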

The ISP involved in the issue is ParsOnline, but there might be more. Google and Firefox have already alerted their users about the attack.

The certificate was issued by DigiNotar, the CA that is the official supplier of most Dutch Government certificates.

