by Damon Poeter
Aug 30, 2011
A forged Web certificate for Google.com that provides the means to impersonate Gmail and other Google properties has been published online, according to media reports on Monday.
The counterfeit certificate is "valid for *.google.com, giving its unknown holders the means to mount transparent attacks on a wide range of Google users who access pages on networks controlled by the counterfeiters," according to The Register.
The encryption keys were apparently pilfered from an SSL certificate issued on July 10 by DigiNotar, a legitimate certification authority (CA) based in the Netherlands and owned by secure token vendor VASCO Data Security, according to reports. Such certificates are issued for websites and used in conjunction with the Secure Sockets Layer (SSL) cryptographic protocol, which secures communications across the Internet.
The SSL and Transport Layer Security (TLS) protocols allow client/server applications to communicate across networks while preventing third parties, including the network owners, from tapping into and eavesdropping on that communication. A legitimate-looking certificate could be used to trick Internet users into revealing personal information like usernames and passwords, or even to intercept and tamper with communications.
DigiNotar and other CAs issue digital certificates that validate the link between a public key and the CA-vouched identity of the individual, company, server or other entity named in the certificate. Critics of the SSL system say it has too many vulnerabilities, particularly in its reliance on CAs of varying track records to validate that certificate seekers are really who they say they are.
Internet users in Iran have reportedly encountered the forged certificate. One Iranian user, who first drew attention to its existence, claimed that the certificate turned up while the user was logging into Gmail from Google's Chrome browser.
Google said Monday it would block sites with certificates signed by DigiNotar pending the results of an investigation. The search giant claimed a new security feature included in its Chrome browser was what identified the bogus cert and alerted the Iranian user to its existence.
Mozilla said in a statement that DigiNotar had revoked the fraudulent certificate, "which should protect most users," but that it would still issue updates to its Firefox browsers. The company also posted instructions for manually disabling the DigiNotar root in Firefox.
It wasn't clear what damage, if any, had been caused by the counterfeit digital certificate to date.