Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I think so. This kind of thing are almost always targeted attacks.


The Thawte certificate is the certificate issued to google by request of google. This certificate is apparently being used to MITM connections to gmail that originate inside Iran. Outside of Iran BGPing a major ISP into routing through them, or setting up a standard "phishing" mirror site, no one outside of Iran should worry much.

It still is a good idea to blacklist that root certificate on your internet devices though. If this certificate is being used, who knows what other websites it has issued legitimate but malicious certificates for.


No one outside of Iran should worry about this particular google cert, you mean.

The obviously compromised root CA shipped by default in every computer in operation is something we very much should worry about. Who else has access to DigiNotar's cert? Surely there are players out there willing to pay more than Iran is...


Of course you should worry. The attacker may have sold the cert to other parties, not just Iran. Or if it was Iran directly, they may sell the certs to other parties to make a pretense of deniability.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: