Thursday, March 24, 2011

Google, Yahoo, Skype targeted in attack linked to Iran

Compromise related to fraudulent digital certificates is traced to IP addresses in Iran, Comodo says.


A malicious attacker that appears to be the Iranian government managed to obtain supposedly secure digital certificates that can be used to impersonate Google, Yahoo, Skype, and other major Web sites, the security company affected by the breach said today.

Comodo, a Jersey City, N.J.-based firm that issues digital certificates, said the nine certificates that were fraudulently obtained, including one for Microsoft's Live.com, have already been revoked. A fraudulent certificate allows someone to impersonate the secure versions of those Web sites--the ones that are used when encrypted connections are enabled--in some circumstances.

The Internet Protocol addresses used in the attack are in Tehran, Iran, said Comodo, which believes that because of the focus and speed of the attack, it was "state-driven." Spoofing those Web sites would allow the Iranian government to use what's known as a man-in-the-middle attack to impersonate the legitimate sites and grab passwords, read e-mail messages, and monitor any other activities its citizens performed, even if the connections were protected with SSL (Secure Sockets Layer) encryption.

The attacker tested the certificate for "login.yahoo.com," but because it had been revoked, most browsers attempting to communicate with the site would see that it was not a trusted site, Comodo Chief Executive Melih Abdulhayoglu told CNET.

