. . COMPUTER HACKING AND HACKERS : EMAIL : BUSINESS: CORPORATIONS: NAMED CORPORATIONS: GOOGLE: Hackers Acquire Google Certificate, Could Hijack Gmail Accounts . . Hackers Acquire Google Certificate, Could Hijack Gmail AccountsRepeat of Comodo affair last March; foreign government may be behind theft, says researcher
By Gregg Keizer August 29, 2011 05:26 PM ET Computer Worldhttp://www.computerworld.com/s/article/9219569/ Hackers_acquire_Google_certificate_could_hijack_Gmail_accounts
. A shorter URL for the above link: . http://tinyurl.com/3e77s44 . .Computerworld - Hackers have obtained a digital certificate good for any Google website from a Dutch certificate provider, a security researcher said today.
.Criminals could use the certificate to conduct "man-in-the-middle" attacks targeting users of Gmail, Google's search engine or any other service operated by the Mountain View, Calif. company.
."This is a wildcard for any of the Google domains," said Roel Schouwenberg, senior malware researcher with Kaspersky Lab, in an email interview Monday.
."[Attackers] could poison DNS, present their site with the fake cert and bingo, they have the user's credentials," said Andrew Storms, director of security operations at nCircle Security.
.Man-in-the-middle attacks could also be launched via spam messages with links leading to a site posing as, say, the real Gmail. If recipients surfed to that link, their account login username and password could be hijacked.
.Details of the certificate were posted on Pastebin.com last Saturday. Pastebin.com is a public site where developers -- including hackers -- often post source code samples.
.According to Schouwenberg, the SSL (secure socket layer) certificate is valid, and was issued by DigiNotar, a Dutch certificate authority, or CA. DigiNotar was acquired earlier this year by Chicago-based Vasco, which bills itself on its site as "a world leader in strong authentication."
. snip .Because the certificate is valid, a browser would not display a warning message if its user went to a website signed with the certificate.
. . The complete article may be read at the URL above. . . Sincerely, David Dillard Temple University (215) 204 - 4584 jwne@xxxxxxxxxx http://daviddillard.businesscard2.com Net-Gold http://groups.yahoo.com/group/net-gold http://listserv.temple.edu/archives/net-gold.html Index: http://tinyurl.com/myxb4w http://groups.google.com/group/net-gold?hl=en General Internet & Print Resources http://guides.temple.edu/general-internet COUNTRIES http://guides.temple.edu/general-country-info EMPLOYMENT http://guides.temple.edu/EMPLOYMENT TOURISM http://guides.temple.edu/tourism DISABILITIES http://guides.temple.edu/DISABILITIES INDOOR GARDENING http://tech.groups.yahoo.com/group/IndoorGardeningUrban/ Educator-Gold http://groups.yahoo.com/group/Educator-Gold/ K12ADMINLIFE http://groups.yahoo.com/group/K12AdminLIFE/ The Russell Conwell Learning Center Research Guide: THE COLLEGE LEARNING CENTER http://tinyurl.com/yae7w79 Nina Dillard's Photographs on Net-Gold http://tinyurl.com/36qd2o and also http://gallery.me.com/neemers1 http://www.flickr.com/photos/neemers/ Twitter: davidpdillard Bushell, R. & Sheldon, P. (eds), Wellness and Tourism: Mind, Body, Spirit, Place, New York: Cognizant Communication Books. Wellness Tourism: Bibliographic and Webliographic Essay David P. Dillard http://tinyurl.com/p63whl http://tinyurl.com/ou53aw INDOOR GARDENING Improve Your Chances for Indoor Gardening Success http://tech.groups.yahoo.com/group/IndoorGardeningUrban/ http://groups.google.com/group/indoor-gardening-and-urban-gardening SPORT-MED https://www.jiscmail.ac.uk/lists/sport-med.html http://groups.google.com/group/sport-med http://groups.yahoo.com/group/sports-med/ http://listserv.temple.edu/archives/sport-med.html HEALTH DIET FITNESS RECREATION SPORTS TOURISM http://health.groups.yahoo.com/group/healthrecsport/ http://groups.google.com/group/healthrecsport http://healthrecsport.jiglu.com/ http://listserv.temple.edu/archives/health-recreation-sports-tourism.html . . Please Ignore All Links to JIGLU in search results for Net-Gold and related lists. The Net-Gold relationship with JIGLU has been terminated by JIGLU and these are dead links. http://groups.yahoo.com/group/Net-Gold/message/30664 http://health.groups.yahoo.com/group/healthrecsport/message/145 . .