Forged security certificate targets Gmail users

A fraudulent Google security certificate has found its way onto the web, making it possible for hackers to access the accounts of Gmail users, reports CNet. The certificate is reportedly being used to target Gmail users located in Iran.

The Secure Sockets Layer (SSL) certificate was issued by Dutch certificate authority DigiNotar to unidentified attackers on July 10. The attackers apparently tricked DigiNotar into thinking the request for the SSL certificate was coming from Google, which prompted the authority to release the certificate.

Armed with the SSL certificate, the attackers have been able to set up fake versions of Google websites (Gmail appears to have been the focus) that appear genuine to both users and users’ web browsers. Browsers can normally detect fake websites because those sites do not have the proper SSL certificate.

Known as a “man in the middle” (MITM) attack, this technique allowed the hackers to fool users into entering their real Gmail credentials into the fake site, giving them access to those users’ email accounts.
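The following is an added example, not code from the article or from any browser vendor, and the article does not say how Chrome detected the certificate. It shows one check a client could apply after normal chain validation has passed: the forged certificate's names match the site, so only a comparison of the issuer against a distrust list or a per-host expectation flags it. The function names, the sample certificates and the expected-issuer policy are assumptions constructed for illustration.

```python
# Added example (not from the article): an issuer-expectation check applied
# to dicts in the layout returned by ssl.SSLSocket.getpeercert().

def name_field(rdns, key):
    """Return the first value for `key` in a subject/issuer RDN tuple."""
    for rdn in rdns:
        for k, v in rdn:
            if k == key:
                return v
    return None

def covers(pattern, host):
    """Match a DNS subjectAltName; '*' may replace only the leftmost label."""
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host

def check_issuer(host, cert, expected, distrusted):
    """Return 'ok', 'name-mismatch', 'distrusted-issuer' or 'unexpected-issuer'."""
    sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not any(covers(p, host) for p in sans):
        return "name-mismatch"
    org = name_field(cert.get("issuer", ()), "organizationName")
    if org in distrusted:
        return "distrusted-issuer"
    allowed = expected.get(host)          # None means no expectation recorded
    if allowed is not None and org not in allowed:
        return "unexpected-issuer"
    return "ok"

# Constructed sample certificates; issuer names are illustrative only.
GENUINE = {
    "subject": ((("commonName", "*.google.com"),),),
    "issuer": ((("organizationName", "Example Expected CA"),),),
    "subjectAltName": (("DNS", "*.google.com"), ("DNS", "google.com")),
}
FORGED = dict(GENUINE, issuer=((("countryName", "NL"),),
                               (("organizationName", "DigiNotar"),)))
EXPECTED = {"mail.google.com": {"Example Expected CA"}}  # hypothetical policy
DISTRUSTED = {"DigiNotar"}  # CA the browsers in the article stopped trusting

if __name__ == "__main__":
    for label, cert in (("genuine", GENUINE), ("forged", FORGED)):
        print(label, check_issuer("mail.google.com", cert, EXPECTED, DISTRUSTED))
```
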

A Gmail user in Iran, who goes by the name “alibo,” first posted the problem to the Google users forum.

“Today, when I tried to login to my Gmail account I saw a certificate warning in Chrome. I took a screenshot and I saved certificate to a file,” wrote alibo. “When I used a vpn I didn’t see any warning! I think my ISP or my government did this attack (because I live in Iran and you may hear something about the story of Comodo hacker!)”

The Comodo incident alibo refers to was a similar case, which took place back in March. Certificate authority Comodo issued a variety of fraudulent digital certificates for sites owned by Google, Yahoo, Microsoft and others. A 21-year-old Iranian claimed to have been responsible for the attack, saying his actions were in protest of US foreign policy.

In this most recent instance, Google has so far only touted the security prowess of its Chrome browser.

“A Chrome security feature warned the user of the invalid certificate and blocked them from visiting the attacker’s site. We’re pleased that the security measures in Chrome protected the user and brought this attack to the public’s attention,” a Google spokesperson told CNet. “While we investigate, we plan to block any sites whose certificates were signed by DigiNotar.”

Mozilla also responded to the attack, saying on its blog, “Because the extent of the mis-issuance is not clear, we are releasing new versions of Firefox… shortly that will revoke trust in the DigiNotar root and protect users from this attack. We encourage all users to keep their software up-to-date by regularly applying security updates.”

DigiNotar has so far remained silent on its mistake.

UPDATE: Google’s Information Security Manager, Heather Adkins, has released an official statement on the Google online security blog. It reads:

Today we received reports of attempted SSL man-in-the-middle (MITM) attacks against Google users, whereby someone tried to get between them and encrypted Google services. The people affected were primarily located in Iran. The attacker used a fraudulent SSL certificate issued by DigiNotar, a root certificate authority that should not issue certificates for Google (and has since revoked it).

Google Chrome users were protected from this attack because Chrome was able to detect the fraudulent certificate.

To further protect the safety and privacy of our users, we plan to disable the DigiNotar certificate authority in Chrome while investigations continue. Mozilla also moved quickly to protect its users. This means that Chrome and Firefox users will receive alerts if they try to visit websites that use DigiNotar certificates.

To help deter unwanted surveillance, we recommend that users, especially those in Iran, keep their web browsers and operating systems up to date and pay attention to web browser security warnings.
