{"id":502,"date":"2011-08-31T23:47:38","date_gmt":"2011-08-31T23:47:38","guid":{"rendered":"http:\/\/tech-no.104.210.61.21.xip.io\/?p=502"},"modified":"2011-09-01T17:55:05","modified_gmt":"2011-09-01T17:55:05","slug":"google-com-cert-posted-online-by-hackers-iran-possibly","status":"publish","type":"post","link":"https:\/\/tech-no.org\/?p=502","title":{"rendered":"*.google.com cert posted online by hackers! IRAN possibly?"},"content":{"rendered":"

\"\"<\/a><\/p>\n

see for yourself<\/p>\n

http:\/\/pastebin.com\/ff7Yg663<\/a><\/p>\n

also read here<\/p>\n

http:\/\/pastebin.com\/SwCZqskV<\/a><\/p>\n

If you are a mozilla Firefox user and wish to delete the cert, please see this post<\/p>\n

http:\/\/support.mozilla.com\/en-US\/kb\/deleting-diginotar-ca-cert<\/a><\/p>\n

 <\/p>\n

this is the first known thread that mentioned the posting.<\/p>\n

http:\/\/www.google.co.uk\/support\/forum\/p\/gmail\/thread?tid=2da6158b094b225a&hl=en<\/a><\/p>\n

 <\/p>\n

Microsoft also posted a prompt response<\/p>\n

Microsoft Releases Security Advisory 2607712<\/h3>\n

http:\/\/blogs.technet.com\/b\/msrc\/archive\/2011\/08\/29\/microsoft-releases-security-advisory-2607712.aspx<\/a><\/p>\n

 <\/p>\n

Google responded in the following statement<\/p>\n

Today we received reports of attempted SSL man-in-the-middle (MITM) attacks against Google users, whereby someone tried to get between them and encrypted Google services. The people affected were primarily located in Iran. The attacker used a fraudulent SSL certificate issued by DigiNotar, a root certificate authority that should not issue certificates for Google (and has since revoked it).<\/p><\/blockquote>\n

obviously it goes without saying, this is huge… somehow i missed this with my hectic work schedule. if you are like me and use an andoid<\/p>\n

ok, so it looks like the CA, DigiNotar somehow issued this and others without permission from Google.<\/p>\n

SSL Certificate Scandal Exposes Bug in Mac OS X<\/a><\/h3>\n

http:\/\/securitywatch.pcmag.com\/apple\/287205-ssl-certificate-scandal-exposes-bug-in-mac-os-x<\/a><\/p>\n

But you can configure your software to remove trust for particular certificates yourself. This is what user Seth Bromberger tried to do by removing trust of all DigiNotar certificates on his Mac using the Keychain software. Afterwards he tested by surfing to DigiNotar’s site and should have received warnings, but he didn’t.<\/p>\n

The problem turns out to be that if a site uses an EV-SSL (Extended Validation SSL) certificate, Keychain will ignore the fact that the user has marked it as untrusted.<\/p>\n

 <\/p><\/blockquote>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n","protected":false},"excerpt":{"rendered":"

see for yourself http:\/\/pastebin.com\/ff7Yg663 also read here http:\/\/pastebin.com\/SwCZqskV If you are a mozilla Firefox user and wish to delete the cert, please see this post http:\/\/support.mozilla.com\/en-US\/kb\/deleting-diginotar-ca-cert   this is the first known thread that mentioned the posting. http:\/\/www.google.co.uk\/support\/forum\/p\/gmail\/thread?tid=2da6158b094b225a&hl=en   Microsoft also posted a prompt response Microsoft Releases Security Advisory 2607712 http:\/\/blogs.technet.com\/b\/msrc\/archive\/2011\/08\/29\/microsoft-releases-security-advisory-2607712.aspx   Google responded in …<\/p>\n","protected":false},"author":7,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[5],"tags":[],"_links":{"self":[{"href":"https:\/\/tech-no.org\/index.php?rest_route=\/wp\/v2\/posts\/502"}],"collection":[{"href":"https:\/\/tech-no.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/tech-no.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/tech-no.org\/index.php?rest_route=\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/tech-no.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=502"}],"version-history":[{"count":4,"href":"https:\/\/tech-no.org\/index.php?rest_route=\/wp\/v2\/posts\/502\/revisions"}],"predecessor-version":[{"id":504,"href":"https:\/\/tech-no.org\/index.php?rest_route=\/wp\/v2\/posts\/502\/revisions\/504"}],"wp:attachment":[{"href":"https:\/\/tech-no.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=502"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/tech-no.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=502"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/tech-no.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=502"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}