Google Warns Against SSL Security Breach

Man-in-the-Middle Attacks Might Result in Stolen Google Account Credentials; Users Urged to Update Web Browsers

Google has issued warnings about possible man-in-the-middle attacks resulting from a breach at SSL certificate issuer DigiNotar. The company says that web browsers need to be patched to prevent user account and identity theft.

DigiNotar, a Dutch company, issues SSL certificates that provide authentication and encryption for SSL-protected websites. However, a recent breach in DigiNotar’s system has been discovered. The company was found to have issued a certificate for the “google.com” domain this July, even though Google had not acquired a certificate from the company. Combined with a “poisoned” DNS cache, the certificate would let a third party pretend to be “google.com” and obtain user accounts and passwords that way.

DigiNotar has since revoked the certificate, and Google is disabling access to DigiNotar certificates in Chrome. However, unsuspecting web users might still fall victim to so-called man-in-the-middle attacks, in which a third party pretends to be a certified website by using the fraudulent SSL certificate. Google has since updated Chrome, which is actually able to detect the fake certificate in the first place. Mozilla and Microsoft have likewise updated their Firefox and Internet Explorer browsers, respectively.

But while many users might experience hacked Gmail and Google accounts, citizens in some parts of the world are facing much bigger problems. Google says the certificate breach targeted users in Iran, some of whom might be put at risk over communications or content posted or sent through their Google accounts. Speculation is that Iranian authorities may have been responsible for the certificate acquisition, although this remains to be confirmed. Google has not disclosed the extent of the damage.

Users are warned against accessing sites that have invalid SSL certificates, and urged to heed browser warnings to this effect. Google automatically pushes updates for Chrome, and users who have automatic updates enabled will likewise get IE and Firefox patched with the latest fixes. To ensure security, users are advised to confirm that they have the latest versions and patches for these browsers, and to surf with vigilance.
