Friday, September 16, 2011

Attack on Gmail Using a DigiNotar SSL Certificate: Its Effects on Gmail Users


Gmail Attack by Hackers

Last Saturday/Sunday, the world-famous email system Gmail was attacked by hackers who mainly targeted Iranian Gmail users. The attackers could do that because they managed to get (more accurately, they stole) a valid SSL certificate issued for the google.com domain.
Are you thinking that this is big news? Well, you might not be a hundred percent right. The bigger news is still to come. The targeted attack on Gmail is only the tip of the iceberg. We should take some concrete steps to protect ourselves before any of us becomes a victim in the coming days.


How Deep Is the Attack?

The certificate issued for the Google domain is not the only one the hackers managed to get/steal. Security analysts say that the hackers have stolen more than 200 SSL certificates issued for several famous web sites.
According to DigiNotar, they revoked the certificate as soon as they came to know that the SSL certificate issued for google.com was not actually meant for Google. They took almost seven days to identify this attack before they revoked the certificate issued for google.com.
The question here is: are they not following some logging procedure when issuing digital certificates? Are they not auditing the logs? If they had audited the logs, they could easily have learned about this attack within a day of issuing the SSL certificate. A CA that issues SSL certificates should understand that it is in this market to sell belief more than anything else, even an SSL certificate.
DigiNotar says that the moment they realized this attack had happened, they revoked the compromised certificate. According to them, this is the only certificate they issued by mistake. But how can we believe that only one certificate was issued to the hackers, when it took them seven days to identify a single compromised certificate? They may not be telling us about more, or they may still be analyzing the other certificates they issued in the recent past.
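
The kind of issuance-log audit asked for above could look like this. It is an added example, not DigiNotar's process or code from the original post; the log format, account IDs, customer domains and timestamps are all constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed data: domains each customer account has proven control of.
VALIDATED = {"acct-1001": {"example.nl"}, "acct-1002": {"example.org"}}

# Constructed issuance log: timestamp, requesting account, certificate subject.
ISSUANCE_LOG = """\
2011-01-03T09:14:02 acct-1001 www.example.nl
2011-01-03T11:40:17 acct-1002 *.example.org
2011-01-03T19:31:44 acct-1002 *.google.com
2011-01-04T08:02:09 acct-1001 notexample.nl
2011-01-04T08:05:30 acct-9999 mail.example.org
"""

def normalize(name):
    """Lower-case, drop a trailing dot and a leading wildcard label."""
    name = name.strip().lower().rstrip(".")
    return name[2:] if name.startswith("*.") else name

def covered(subject, domains):
    """True if subject is a validated domain or a subdomain of one.
    Matching on a label boundary keeps notexample.nl from passing as example.nl."""
    host = normalize(subject)
    return any(host == d or host.endswith("." + d) for d in domains)

def audit(log_text, validated):
    """Return (time, account, subject, reason) for every suspicious issuance."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, account, subject = line.split()
        domains = validated.get(account)
        if domains is None:
            reason = "unknown account"
        elif not covered(subject, domains):
            reason = "subject outside validated domains"
        else:
            continue
        findings.append((datetime.fromisoformat(ts), account, subject, reason))
    return findings

def overdue(findings, now, max_age=timedelta(days=1)):
    """Findings still open after the one-day review window the post argues for."""
    return [f for f in findings if now - f[0] > max_age]

if __name__ == "__main__":
    for when, account, subject, reason in audit(ISSUANCE_LOG, VALIDATED):
        print(when.isoformat(), account, subject, reason)
```

Run daily, a check like this flags the certificate for a domain the requesting account never validated on the day it is issued, and `overdue` lists anything that has gone unreviewed for longer than a day.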

 

Corrective Actions by Web Browser Companies

Mozilla and Google have already released patches for their browsers, which users can download to help safeguard themselves from this attack. Microsoft has also issued patches for IE and for Windows 2008 and Windows 7 (and a few others). But they have not issued any patches for Windows XP and Windows 2003. According to Microsoft, they will release those later.
Now the big question is how open we are to future attacks, given that the hackers have stolen 200+ digital certificates, which can easily fool us into thinking that the site we are using is what it says it is. I have no concrete answer here to suggest how you can safeguard yourself.
