BOfH
08-30-2011, 16:03
http://isc.sans.org/diary/DigiNotar+SSL+Breach/11479
The attacker(s) generated a valid wildcard certificate for google.com. This means they can "legitimately" present themselves as "anything dot google dot com" via SSL (HTTPS), and steal one's Google credentials without the browser notifying you of any issues with the certificate presented. At the moment, the phishing attempts were targeted against Iranian Google users.
According to a pastebin post (http://pastebin.com/ff7Yg663), the certificate's serial is 05:e2:e6:a4:cd:09:ea:54:d6:65:b0:75:fe:22:a2:56 and the thumbprint is 3b 0c 91 34 b9 79 48 74 17 f2 b8 c5 bc e7 22 b9 fb 6d f6 4a.
http://support.mozilla.com/en-US/kb/deleting-diginotar-ca-cert
http://www.microsoft.com/technet/security/advisory/2607712.mspx
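An added example, not part of the original post: a Python check that compares a DER-encoded certificate against the serial and thumbprint quoted above, normalising the colon- and space-separated hex formats. The function names and the stub builder are assumptions made for illustration, and the thumbprint is taken to be the SHA-1 of the DER encoding.

```python
import hashlib

# Identifiers as given in the post (from the pastebin it links to).
REPORTED_SERIAL = "05:e2:e6:a4:cd:09:ea:54:d6:65:b0:75:fe:22:a2:56"
REPORTED_SHA1 = "3b 0c 91 34 b9 79 48 74 17 f2 b8 c5 bc e7 22 b9 fb 6d f6 4a"

def norm_hex(text):
    """Drop separators and case so 'AA:BB', 'aa bb' and 'aabb' compare equal."""
    return "".join(c for c in text.lower() if c in "0123456789abcdef")

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: next n bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def cert_serial(der):
    """Serial number (int) from Certificate -> tbsCertificate -> serialNumber."""
    tag, start, _ = read_tlv(der, 0)       # outer Certificate SEQUENCE
    tag2, pos, _ = read_tlv(der, start)    # tbsCertificate SEQUENCE
    if tag != 0x30 or tag2 != 0x30:
        raise ValueError("not an X.509 certificate")
    tag, vstart, vend = read_tlv(der, pos)
    if tag == 0xA0:                        # optional explicit [0] version field
        tag, vstart, vend = read_tlv(der, vend)
    if tag != 0x02:
        raise ValueError("serialNumber INTEGER not found")
    return int.from_bytes(der[vstart:vend], "big")

def check_cert(der, serial=REPORTED_SERIAL, sha1=REPORTED_SHA1):
    """Compare a DER certificate against a reported serial and SHA-1 thumbprint."""
    return {
        "serial": cert_serial(der) == int(norm_hex(serial), 16),
        "sha1": hashlib.sha1(der).hexdigest() == norm_hex(sha1),
    }

def constructed_stub(serial_hex):
    """Constructed test input: only the DER prefix a serial parser needs, not a real cert."""
    body = bytes.fromhex(norm_hex(serial_hex))
    tbs = bytes.fromhex("a003020102") + bytes([0x02, len(body)]) + body
    tbs = bytes([0x30, len(tbs)]) + tbs
    return bytes([0x30, len(tbs)]) + tbs
```

For a certificate in PEM form, `ssl.PEM_cert_to_DER_cert()` from the standard library gives the DER bytes that `check_cert()` expects.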