One of the ways that Google uses to make its services more secure is to provide a connection HTTPS them. This is possible thanks to a security certificate, which ensures that communication is taking place between a user and a server and it is not always possible to forge. But today Google has discovered an attempt to attack your users using a false certificate issued fraudulently.
The attack is the type of man-in-the-middle, which is characterized by having a person intercepting, collecting and / or analyzing data from a particular connection that should be private. The first to notice these attacks was the Iranian user Ali Borhani who posted the screenshot above the Google help forum, showing that Chrome prevented him to put your login and password to realize that it was a certificate less than legitimate issued by DigiNotar. This Chrome protection is something that Google has already implemented a few months ago.
In addition to Google, Mozilla also received warnings of attacks and fraudulent certificate and was still a bit beyond the Mountain View giant. The company released today updates for all versions of Firefox (desktop and mobile), Thunderbird and SeaMonkey abrogating the reliability of all certificates issued by DigiNotar.
It is good to keep in mind that forging a security certificate is not one of the simplest tasks. This type of certificate is used as standard in several operations that require a secure login, such as banking or access to all email. So when someone can create such a certificate, passing by a company of Google’s size, the goals behind this attack are usually quite high. And its consequences as well.
And that is the point that Roel Schouwenberg, security analyst Kasperksy, is keen to geton the company blog. He says the attacks are not so important, but the reason behind them. The analyst points out that the company that issued the certificate was purchased earlier this year by Vasco, a giant in the certificate issuance area and works primarily with banking institutions. The very DigiNotar has ties with the Dutch government, which may indicate potential political motives behind this attack.
Still can not know the extent of the attacks, since this certificate has been issued for at least 5 weeks. But Schouwenberg warns that, at least this time, it is better that this failure serious security not pass as unnoticed as the attack on RSA.