Newer posts are loading.
You are at the newest post.
Click here to check if anything new just came in.
02mydafsoup-01

[...]

The hacker, whose March 15 attack was traced to an IP address in Iran, compromised a partner account at the respected certificate authority Comodo Group, which he used to request eight SSL certificates for six domains: mail.google.com, www.google.com, login.yahoo.com, login.skype.com, addons.mozilla.org and login.live.com.

The certificates would have allowed the attacker to craft fake pages that would have been accepted by browsers as the legitimate websites. The certificates would have been most useful as part of an attack that redirected traffic intended for Skype, Google and Yahoo to a machine under the attacker’s control. Such an attack can range from small-scale Wi-Fi spoofing at a coffee shop all the way to global hijacking of internet routes.

At a minimum, the attacker would then be able to steal login credentials from anyone who entered a username and password into the fake page, or perform a “man in the middle” attack to eavesdrop on the user’s session.

[...]

Hack Obtains 9 Bogus Certificates for Prominent Websites; Traced to Iran | Threat Level | Wired.com 2011-03-23
Reposted byiranelectionkrekk

Don't be the product, buy the product!

Schweinderl