And how about the Google Talk? Despite Chrome and Firefox, it didn't give any alert while signing in my account. Unfortunately, Google Talk hasn't been updated for a long time!
I've been using Firefox "Certificate Patrol" extension, and for some weeks I've noticed a high number of warnings of changed certificates coming from Google sites. I've no particular reason to think these were MITM attacks, but at the time suspected it depended on which load-balanced server the connection was made to.
The current mix of wildcard and specific certificates across several domains that Google uses makes it less easy to spot changed certificates.
Do you have any policies about keeping server certs globally synchronised to help in such MITM detection?
what are you talking about ? its just end user that is under pressure every time.from Both Government and Google, Google also blocked lots of its service from Iran , it blocked google Code,Google API and lots of other service, why ? we have to use tool provided by US Government in order to prevent its sanction on internet. I mean that US Government put sanction on Internet access on some site,and it self provide us lots of tools to prevent this sanction. tools like VPN,Your Freedom,CProxy,Tor,Radio Farda and lots of other tools that US Gov Support them.
"Google Chrome users were protected from this attack because Chrome was able to detect the fraudulent certificate."..."In addition in Chromium 13, only a very small subset of CAs have the authority to vouch for Gmail (and the Google Accounts login page)."
Could you give a link to the chromium code where this subset of CAs exists and the check occurs?
It's ironic that you cannot download and install Chrome in Iran because of US export laws. If you really care about protecting your Iranian users why don't you make Chrome available to them somehow? And why should installing a web browser be included in sanctions? This is basically a sanction against Iranian people not Iranian regime.
Commenting From Iran. Was the attack confirmed successful? This blog was govermentally filtered in iran since 5 hours ago.for me, it is enough proof to see this as a iran's DAMNED government action spending money on hacking and cyber-violants except of improving the bandwidth and internet. If you remember some months ago, there was a SSL Stealing of Comodo which IP was compromised as an Iranian Computer too. _______________ P.S. to iranians Mitonid az server haye dg vase download google chrome estefade konid. faghat ye search konid baraye downloadesh, server dg e ro peyda konid.
@Amir: I believe that's because even when free Google Chrome is still a commercial product and therefore bound to the US laws forbidding commerce with Iran.
@booniffle: Yes, I agree. This is not Google's fault as they are trying to conform with US laws, rather I mean that some of these sanction laws are really stupid and even against what they were meant for in the first place. For example, every body knows that Iranian government can get their hands on these "sensitive" software products through different channels with no difficulty, rather the burden, and now insecurity, is what is left for Iranian people, especially those who are not so tech-savvy. I wish some action would be taken by US government to review and revise some of their sanction laws.
If you cannot download Chrome in your country due to export restrictions, or you need a US-based IP for other reasons, try a free VPN service such as (for example) www.raptorvpn.com .
عندي مشكلها بلموق�� البريدالكتروني بتهية ولكن كيف فانا ماريد افقد الموقع حقي والبيانات+الاصدقاء بجوجل + ولا اعرف كيف وفية مشكلة بتزامن وتهيات البريد الكتروني فهل في لاصلاح الموقع مع التزامن ومشكورين لكي لا افقد شئ من الموقع حقي حتي الرسايل البريد الكتروني برضو مشكلة ولا اعرف كيف
December 14, 2013 at 10:53 AM
Posted by Heather Adkins, Information Security Manager
Today we received reports of attempted SSL man-in-the-middle (MITM) attacks against Google users, whereby someone tried to get between them and encrypted Google services. The people affected were primarily located in Iran. The attacker used a fraudulent SSL certificate issued by DigiNotar, a root certificate authority that should not issue certificates for Google (and has since revoked it).
Google Chrome users were protected from this attack because Chrome was able to detect the fraudulent certificate.
To further protect the safety and privacy of our users, we plan to disable the DigiNotar certificate authority in Chrome while investigations continue. Mozilla also moved quickly to protect its users. This means that Chrome and Firefox users will receive alerts if they try to visit websites that use DigiNotar certificates. Microsoft also has taken prompt action.
To help deter unwanted surveillance, we recommend that users, especially those in Iran, keep their web browsers and operating systems up to date and pay attention to web browser security warnings.
Update Aug 30: Added information about Microsoft's response.
Update Sept 3: Our top priority is to protect the privacy and security of our users. Based on the findings and decision of the Dutch government, as well as conversations with other browser makers, we have decided to reject all of the Certificate Authorities operated by DigiNotar. We encourage DigiNotar to provide a complete analysis of the situation.
26 Comments
Close this window Jump to comment formDoes this also include the "DigiNotar PKIoverheid CA Overheid en Bedrijven" root which is maintained by the same company?
August 30, 2011 at 2:03 AM
And how about the Google Talk? Despite Chrome and Firefox, it didn't give any alert while signing in my account. Unfortunately, Google Talk hasn't been updated for a long time!
August 30, 2011 at 3:47 AM
What can we do?
August 30, 2011 at 4:02 AM
Unfortunately we can not use 2-step verification in Iran.Please make available.
August 30, 2011 at 5:52 AM
What about users who are using outlook to check their GMail box?
August 30, 2011 at 7:11 AM
Could you explain how Chrome was able to detect the fraudulent certificate ?
August 30, 2011 at 8:42 AM
I've been using Firefox "Certificate Patrol" extension, and for some weeks I've noticed a high number of warnings of changed certificates coming from Google sites. I've no particular reason to think these were MITM attacks, but at the time suspected it depended on which load-balanced server the connection was made to.
The current mix of wildcard and specific certificates across several domains that Google uses makes it less easy to spot changed certificates.
Do you have any policies about keeping server certs globally synchronised to help in such MITM detection?
August 30, 2011 at 9:33 AM
Pienso que con la suite de Navegadores Netscape 9, SeaMonkey 4.3 o Mozilla 8.0 tambien se encuentran protegidos.
Julio Belinchón Hernández.
August 30, 2011 at 1:01 PM
Opera users are also automatically protected.
http://my.opera.com/securitygroup/blog/2011/08/30/when-certificate-authorities-are-hacked-2
August 30, 2011 at 1:12 PM
it's Irans Governement, want to spy ppl g-mail account ...
please do something against them, it's truly illegal and irespected action :(
August 30, 2011 at 4:14 PM
Hi
I'm a Iranian User
Really thanks for warning.
This problem was prevalent in recent days.
many of my friends said me it happened for them.
August 30, 2011 at 4:25 PM
what are you talking about ?
its just end user that is under pressure every time.from Both Government and Google,
Google also blocked lots of its service from Iran ,
it blocked google Code,Google API and lots of other service,
why ?
we have to use tool provided by US Government in order to prevent its sanction on internet.
I mean that US Government put sanction on Internet access on some site,and it self provide us lots of tools to prevent this sanction.
tools like VPN,Your Freedom,CProxy,Tor,Radio Farda and lots of other tools that US Gov Support them.
August 31, 2011 at 1:04 AM
"Google Chrome users were protected from this attack because Chrome was able to detect the fraudulent certificate."..."In addition in Chromium 13, only a very small subset of CAs have the authority to vouch for Gmail (and the Google Accounts login page)."
Could you give a link to the chromium code where this subset of CAs exists and the check occurs?
Thanks!
August 31, 2011 at 2:57 AM
It would be interesting to know the background and reasons of the attack.
August 31, 2011 at 3:41 AM
Only if we were allowed to update chrome in Iran!
August 31, 2011 at 7:01 AM
It's ironic that you cannot download and install Chrome in Iran because of US export laws. If you really care about protecting your Iranian users why don't you make Chrome available to them somehow?
And why should installing a web browser be included in sanctions? This is basically a sanction against Iranian people not Iranian regime.
August 31, 2011 at 10:51 AM
Commenting From Iran.
Was the attack confirmed successful?
This blog was govermentally filtered in iran since 5 hours ago.for me, it is enough proof to see this as a iran's DAMNED government action spending money on hacking and cyber-violants except of improving the bandwidth and internet.
If you remember some months ago, there was a SSL Stealing of Comodo which IP was compromised as an Iranian Computer too.
_______________
P.S. to iranians
Mitonid az server haye dg vase download google chrome estefade konid. faghat ye search konid baraye downloadesh, server dg e ro peyda konid.
August 31, 2011 at 2:18 PM
@Amir: I believe that's because even when free Google Chrome is still a commercial product and therefore bound to the US laws forbidding commerce with Iran.
August 31, 2011 at 4:25 PM
Would that be why I've been getting the icon in Chrome that some elements in gmail were insecure? What kind of information could they feasibly have?
August 31, 2011 at 6:28 PM
@booniffle: Yes, I agree. This is not Google's fault as they are trying to conform with US laws, rather I mean that some of these sanction laws are really stupid and even against what they were meant for in the first place. For example, every body knows that Iranian government can get their hands on these "sensitive" software products through different channels with no difficulty, rather the burden, and now insecurity, is what is left for Iranian people, especially those who are not so tech-savvy.
I wish some action would be taken by US government to review and revise some of their sanction laws.
September 1, 2011 at 12:42 AM
the 2-Step Verification is Not Support in IRAN , and IRAN Government Can Easily Spy Iranian ppl's Gmail Account . Please Support it for IRANian ppl
September 1, 2011 at 6:38 AM
If you cannot download Chrome in your country due to export restrictions, or you need a US-based IP for other reasons, try a free VPN service such as (for example) www.raptorvpn.com .
September 1, 2011 at 12:56 PM
To improve the Iranian users security I think Google must enable the 2-step verification for Iran.
If you think due to US sanctions it should be disable then why the Google SMS service is available in recovering password option?
I always believed in Google privacy policies, the privacy of Iranian users must be intact by all means.
September 1, 2011 at 11:02 PM
What about the Google browser on Android? Is there a way we can disable the DigiNotar certificate? Or will an updated app be published?
September 2, 2011 at 5:47 PM
I would assume Iranians can use Chromium though since that is an open source project that is not a commercial product. Is this correct?
September 13, 2011 at 1:45 AM
عندي مشكلها بلموق�� البريدالكتروني بتهية ولكن كيف فانا ماريد افقد الموقع حقي والبيانات+الاصدقاء بجوجل + ولا اعرف كيف وفية مشكلة بتزامن وتهيات البريد الكتروني فهل في لاصلاح الموقع مع التزامن ومشكورين لكي لا افقد شئ من الموقع حقي حتي الرسايل البريد الكتروني برضو مشكلة ولا اعرف كيف
December 14, 2013 at 10:53 AM