Google One of Many Victims in SSL Certificate Hack

IDG News, By Jeremy Kirk, August 30, 2011

A Dutch company that issues digital certificates used to authenticate websites said late Tuesday that several dozen other websites in addition to Google have been affected by a security breach. The company, DigiNotar, issues SSL (Secure Sockets Layer) and EVSSL (Extended Validation) certificates, which are validated by Web browsers to ensure people are not visiting a fake website that is trying to appear legitimate. DigiNotar is what’s called a Certificate Authority (CA), an entity that sells digital certificates to legitimate website owners. But DigiNotar issued a digital certificate for the google.com domain, a mistake that could allow a skilled attacker to intercept someone’s e-mail Google said Monday the fraudulent certificate was used and targeted users in Iran, although a security feature in its Chrome browser detected the certificate, tipping off users with a warning. DigiNotar, a subsidiary of a security company called Vasco Data Security International, issued a statement on Monday saying it discovered on July 19 during an audit that its infrastructure used to issue the certificates had been breached. http://www.pcworld.com/printable/article/id,239136/printable.html

Advertisements
  1. Leave a comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: