假google憑證 中間人攻擊事件 - Google

By Una
at 2011-09-01T16:15
at 2011-09-01T16:15
Table of Contents
source
http://www.google.co.uk/support/forum/p/gmail/thread?tid=2da6158b094b225a&hl=en
縮:http://goo.gl/12CK5
8/28 有名伊朗人登入google時,發現他的憑證是假的,
起先他以為是自己國家或isp發起的攻擊(因為他住伊朗)
chrome警告圖 http://d.pr/FUUH
後來發現不是,這是荷蘭CA DigiNotar http://d.pr/ODWY
不知道誰針對所有google user發起的 SSL man-in-the-middle (MITM) attacks
整起事件正在調查中
google跟mozila動作最快,已經暫時revoke這ca了
microsoft正在採取進一步行動中(未完成)
其他瀏覽器未知
對安全有疑慮的建議先把DigiNotar Root CA 手動設定為不信任
並把DNS設定為 8.8.8.8 & 8.8.4.4
微軟通報
http://blogs.technet.com/b/msrc/archive/2011/08/29/microsoft-releases-security-advisory-2607712.aspx
mozilla通報
http://blog.mozilla.com/security/2011/08/29/fraudulent-google-com-certificate/
google通報
http://googleonlinesecurity.blogspot.com/2011/08/update-on-attempted-man-in-middle.html
--
escapism :The tendency to escape from reality or routin
by indulging in daydreaming, fantasy, entertainment.
--
Tags:
Google
All Comments

By Gilbert
at 2011-09-05T14:23
at 2011-09-05T14:23

By Agnes
at 2011-09-09T23:10
at 2011-09-09T23:10
Related Posts
Edgeworld 心得

By Zora
at 2011-09-01T13:29
at 2011-09-01T13:29
Gmusic啟動

By Lily
at 2011-09-01T11:11
at 2011-09-01T11:11
Edgeworld 心得

By George
at 2011-09-01T06:27
at 2011-09-01T06:27
GMail推出離線版APP

By Tristan Cohan
at 2011-09-01T01:26
at 2011-09-01T01:26
如何用GOOGLE找包含特定文字的網站(址)?

By Ina
at 2011-08-31T22:04
at 2011-08-31T22:04