Tuesday, September 06, 2011

  • Tuesday, September 06, 2011
  • Elder of Ziyon
From The Register:
The Google webmail of as many as 300,000 Iranians may have been intercepted using fraudulently issued security certificates made after a hack against Dutch certificate authority outfit DigiNotar, according to the preliminary findings of an official report into the megahack.

Fox-IT, the security consultancy hired to examine the breach against DigiNotar, reveals that DigiNotar was hacked on or around 6 June – a month before hackers begun publishing rogue certificates. Between 10 July and 20 July hackers used compromised access to DigiNotar's systems to issue rogue 531 SSL certificate for Google and other domains, including Skype, Mozilla add-ons, Microsoft update and others. DigiNotar only begun revoking rogue certificates on 19 July and waited more than a month later to go public about the problem. The fake *.google.com certificate – which was valid for code-signing – wasn't revoked until 29 July.

The compromise was used, in part, to spy on Iranian internet users, using the forged Google SSL certificate to run man-in-the-middle attacks.

"The list of domains and the fact that 99 per cent of the users are in Iran suggest that the objective of the hackers is to intercept private communications in Iran," [Fox-IT] adds.
In English, this means that Iran apparently forged the certificates that are used to ensure that web traffic to various websites - like Google - is correctly encrypted. This means that Iran was able to spy on email and web traffic that even the most conscientious user would have assumed was safe from prying eyes.

Or, as Israel Hayom describes it:
In theory, a fraudulent certificate can be used to trick a user into visiting a fake version of a Web site, or used to monitor communications with the real sites without users noticing.

But in order to pass off a fake certificate, a hacker must be able to steer his target’s Internet traffic through a server that he controls. That is something only an Internet service provider, or a government that commands one, can easily do.

According to AP, technology experts cite a number of reasons to believe the attack is connected to Iran. Notably, several of the certificates contain nationalist slogans in Farsi, the language spoken by most Iranians.

“This, in combination with messages the hacker left behind on DigiNotar’s Web site, definitely suggests that Iran was involved,” Ot van Daalen, director of Bits of Freedom, an online civil liberties group, told AP.


EoZTV Podcast

Podcast URL

Subscribe in podnovaSubscribe with FeedlyAdd to netvibes
addtomyyahoo4Subscribe with SubToMe

search eoz

Loading...

comments

Speaking

follow me

Follow by Email

translate

Share on Whatsapp


E-Book

For $18 donation








Sample Text

EoZ's Most Popular Posts Ever

Hasbys!

Elder of Ziyon - حـكـيـم صـهـيـون

This blog may be a labor of love for me, but it takes a lot of effort, time and money. For over 12 years and over 25,000 articles I have been providing accurate, original news that would have remained unnoticed. I've written hundreds of scoops and sometimes my reporting ends up making a real difference. I appreciate any donations you can give to keep this blog going.

Donate!

Donate to fight for Israel!

Monthly subscription:
Payment options


One time donation:

subscribe via email

Follow EoZ on Twitter!

Tweets

Compliments

The Jerusalem Report:"A seemingly indefatigable one-man operation, armed only with a computer, chutzpa and stamina."

Algemeiner: "Fiercely intelligent and erudite"

Omri: "Elder is one of the best established and most respected members of the jblogosphere..."
Atheist Jew:"Elder of Ziyon probably had the greatest impression on me..."
Soccer Dad: "He undertakes the important task of making sure that his readers learn from history."
AbbaGav: "A truly exceptional blog..."
Judeopundit: "[A] venerable blog-pioneer and beloved patriarchal figure...his blog is indispensable."
Oleh Musings: "The most comprehensive Zionist blog I have seen."
Carl in Jerusalem: "...probably the most under-recognized blog in the JBlogsphere as far as I am concerned."
Aussie Dave: "King of the auto-translation."
The Israel Situation:The Elder manages to write so many great, investigative posts that I am often looking to him for important news on the PalArab (his term for Palestinian Arab) side of things."
Tikun Olam: "Either you are carelessly ignorant or a willful liar and distorter of the truth. Either way, it makes you one mean SOB."
Mondoweiss commenter: "For virulent pro-Zionism (and plain straightforward lies of course) there is nothing much to beat it."
Didi Remez: "Leading wingnut"

Interesting Blogs

Categories

Abbas liar Academic fraud administrivia al-Qaeda algeria American Jews Amnesty analysis anti-semitism apartheid arab refugees Arafat archaeology art ASHREI B'tselem bahrain bbc BDS BDSFail Bedouin Beitunia beoz book review breaking the silence Cardozo Chanukah Christians conspiracy theories Cyprus Daphne Anson Davis report DCI-P double standards Egypt Elder gets results ElderToons Electronic Intifada EoZNews eoztv Erekat EU Euro-Mid Observer Fake Civilians 2014 Fatah featured Features fisking flotilla Forest Rain free gaza freedom of press palestinian style future martyr Gary Spedding gaza Gaza Platform George Galloway George Soros gideon levy gilad shalit gisha Goldstone Report Good news Grapel Guardian gunness Haaretz hamas Hamas war crimes hasbara Hasby 2014 Hasby 2016 Hebron helen thomas hezbollah history Hizballah Holocaust denial honor killing HRW Human Rights Humanitarian crisis humor Hypocrisy ICRC Ilan Pappe impossible peace incitement Indonesia international law intransigence iran Iraq Islamic Judeophobia Islamism Israel Loves America Israeli culture Israeli high-tech J Street jabalya jeremy bowen Jerusalem jewish fiction Jewish Voice for Peace jihad jimmy carter John Kerry jokes jonathan cook Jordan Juan Cole Judaism Judea-Samaria Kairos Karl Vick ken roth khalid amayreh Khaybar Lebanon leftists Linkdump lumish mahmoud zahar Malaysia max blumenthal McGraw-Hill media bias Methodist Miftah Mohammed Assaf Mondoweiss moonbats Morocco music Muslim Brotherhood Nakba Natural gas Nazi News nftp NGO NIF norpac NYT Occupation offbeat Omar Barghouti Opinion oxfam PA corruption PalArab lies Palestine Papers pallywood pchr PCUSA Peter Beinart Petra MB poll Poster Preoccupied Prisoners propaganda Proud to be Zionist purimshpiel Qaradawi Qassam calendar Rafah Ray Hanania real liberals reference Richard Falk rogel alpher roger cohen roger waters Saudi Arabia saudi vice self-death self-death palestinians sex crimes SFSU shechita sheikh tamimi Shujaiyeh Simona Sharoni SodaStream South Africa Speech stamps Syria Tarabin Temple Mount Terrorism This is Zionism Thomas Friedman Tunisia Turkey UCI UK UN UNDP unesco unhrc UNICEF United Arab Emirates Unity unrwa UNRWA hate unrwa reports UNRWA-USA Varda Vic Rosenthal Washington wikileaks work accident X-washing Yemen zahran zionist attack zoo Zvi

Blog Archive