It has been confirmed earlier that Netherland’s SSL certificate authority DigiNotar issued an internet security certificate to unknown attackers on July 10, 2011. But the main matter of fact is that after 2 months from that time this certificate has allowed those attackers to set up a duplicate copy of Google website which looks like genuine near about all its users.
Not only that, but apart from that they have also collected login information of many companies including Gmail service of Google. Though, still it is in the dark how they managed this SSL certificate or fake google.com security certificate.
This report was first appeared while an Iranian web user dropped that information into the wall of Google help forum by saying that Iranian government was the main culprit behind the release of this security certificate as well as attacks.
Though, Google Chrome’s in-built security measures have started to monitorize that issue, but the main matter of fact is very few are aware of this fact. So in a sentence it is quiet similar like last year Comodo attack, where this fake certificate had released a list of name of high profile companies under its name.
But the matter of fact is that lost of evidence are indicating that this issue regarding fake certificate have come within Iran.
With the sequence to the fact EFF (Electronic Frontier Foundation) has stated “The entire thing has highlighted several fundamental issues with SSL as well as the authority DigiNotar – who issue this certificate.”
In the mean time Google has blocked those entire websites which security certificates were issued by DigiNotar and sent them towards a full investigation. Though, open source company Mozilla has posted in their forum by requesting their users to remove DigiNotar fraudulent SSL certificate from their browser.