Google warns Iranian users of possible security breach

Summary: Google has taken the step of informing Iranians that their Gmail account passwords may have been compromised after the DigiNotar breach.

Late last week, Google revealed that it's been contacting Iranian users and advising that they change their Gmail passwords in the wake of the DigiNotar security certificate breach.

On August 30th, Google reported that an anonymous Iranian black hat cybercriminal going by the handle "Comodohacker" attempted an SSL man-in-the-middle (MITM) attack on Google services using a purloined DigiNotar certificate.

Essentially, Comodohacker was able to set up his own fake pages under the Google.com domain, intercepting user passwords when they thought they were legitimately logging into Gmail. And that attack primarily targeted users located in Iran.

Google claims that users of the Chrome browser should have been protected. But not everybody uses Chrome, and regardless, Google is strongly advising all of its Iranian customers to secure their accounts.

To be more precise, Google's blog entry says:

"While Google’s internal systems were not compromised, we are directly contacting possibly affected users and providing similar information below because our top priority is to protect the privacy and security of our users."

Google is recommending that users in Iran (and anyone else who suspects they may have been affected) review their password recovery options, including any phone numbers or secondary e-mail addresses they can use to change their password if the need ever arises. It seems like a more than reasonably prudent measure.

Comodohacker is also claiming to have certificates for Facebook, Skype, Mozilla, Microsoft, Yahoo, Android and Twitter, as well as domains belonging to the CIA and Israel's Mossad, according to MSNBC.

The Google Chrome browser is already protected against DigiNotar-based attacks thanks to its ability to detect fraudulent certificates, but Google has disabled the DigiNotar certificate authority entirely to be on the safe side until things are resolved. And Mozilla Firefox, Apple Safari (on Mac OS X 10.5 and higher), and Opera have all followed suit.

Until DigiNotar cleans up its act, there are going to be a lot of exposed users out there - note Microsoft Internet Explorer's absence from that list of browsers. It's going to be interesting to see how this plays out. And again, if you suspect for even a moment that you've been compromised - change your password.

Update: A Microsoft spokesperson has reached out to clarify that it has taken similar steps to Google and Mozilla in protecting Internet Explorer users by blocking DigiNotar certificates.


Talkback

4 comments
  • Google-Iran

    You mean Iranians now have to worry about Somalian infidels now too? Awesome.
    catman2112
  • One correction.

    "Until DigiNotar cleans up its act, there are going to be a lot of exposed users out there - note Microsoft Internet Explorer's absence from that list of browsers."

    Not sure where that particular information came from, but Microsoft apparently already addressed it on 8/29. See:

    http://blogs.technet.com/b/msrc/archive/2011/08/29/microsoft-releases-security-advisory-2607712.aspx

    http://www.microsoft.com/technet/security/advisory/2607712.mspx

    As per the advisories, Microsoft already marked the certificate as suspect, & included it in their automatic updates.

    Interestingly enough, they did so *before* Apple:

    http://www.zdnet.com/blog/hardware/apple-finally-blocks-untrusted-diginotar-ssl-certificates-in-mac-os-x/14668?tag=search-results-rivers;item0
    spdragoo@...
  • RE: Google warns Iranian users of possible security breach

    What's with all the MS hate? They've had a patch out for two weeks.
    netham45
  • Make a run for the border

    We regret to inform you that the Revolutionary Guards and the Secret Police have been reading your emails. We hope this reaches you in time.
    Robert Hahn