Google tells users in Iran to change their passwords
| at 16:22
0
comments
Labels :
Google is telling people in Iran to change their passwords and take
other security precautions in the
wake of an Internet attack in which the google.com domain was spoofed.
"While Google's internal systems were not compromised, we are directly contacting
possibly affected users and providing similar information below because our top priority
is to protect the privacy and security of our users," he wrote.
Specifically, Google recommends that users in Iran change their passwords;
verify their account recovery options; check the Web sites and applications that
are allowed to access their Google account; check Gmail settings for suspicious
forwarding addresses or delegated accounts; and pay attention to warnings that
appear in the Web browser and don't click past them.
An Iranian hacker has taken credit for breaking into a Dutch certificate authority
named DigiNotar and fraudulently creating more than 500 Secure Sockets Layer (SSL)
certificates used to authenticate Web sites, including one that was used in the wild to trick
people into thinking they were visiting a legitimate Google site when they weren't.
Google confirmed last week that users in Iran were primarily affected by the attack.
Chrome, Firefox, Internet Explorer, Windows and Adobe now blacklist DigiNotar certificates.
Mozilla also is asking certificate authorities to take certain actions designed to prevent
such problems from happening.
Digital certificates are supposed to serve as proof that a Web site is the site it claims
to be when a Web surfer uses an "https" connection. But the 600 or so companies
that provide the certificates have differing levels of security and no standard process
for automatically revoking fraudulent certificates.
wake of an Internet attack in which the google.com domain was spoofed.
We learned last week that the compromise of a Dutch company involved
with verifying the
authenticity of websites could have put the Internet
communications of many Iranians at risk,
including their Gmail," Eric
Grosse, Google's vice president of security engineering,
wrote in a blog post last night.
"While Google's internal systems were not compromised, we are directly contacting
possibly affected users and providing similar information below because our top priority
is to protect the privacy and security of our users," he wrote.
Specifically, Google recommends that users in Iran change their passwords;
verify their account recovery options; check the Web sites and applications that
are allowed to access their Google account; check Gmail settings for suspicious
forwarding addresses or delegated accounts; and pay attention to warnings that
appear in the Web browser and don't click past them.
An Iranian hacker has taken credit for breaking into a Dutch certificate authority
named DigiNotar and fraudulently creating more than 500 Secure Sockets Layer (SSL)
certificates used to authenticate Web sites, including one that was used in the wild to trick
people into thinking they were visiting a legitimate Google site when they weren't.
Google confirmed last week that users in Iran were primarily affected by the attack.
Chrome, Firefox, Internet Explorer, Windows and Adobe now blacklist DigiNotar certificates.
Mozilla also is asking certificate authorities to take certain actions designed to prevent
such problems from happening.
Digital certificates are supposed to serve as proof that a Web site is the site it claims
to be when a Web surfer uses an "https" connection. But the 600 or so companies
that provide the certificates have differing levels of security and no standard process
for automatically revoking fraudulent certificates.
Subscribe to:
Post Comments (Atom)