A Dutch company said to have issued a certificate for Google.com to someone other than Google, who then used it to try to re-direct traffic of users based in Iran.
According to Google, someone reported that as they log in to Gmail. Their browser issued a warning about the digital certificate.
The member of Google group forum named Alibo posted a screenshot of the said certificate and said that he saw the certificate while log in on Google Chrome. He then added that he suspect that it is the ISP provider or their government that are responsible for the attack. The guy noted that he live in Iran and mentions something about the Komodo hacker.
It is clear that the browser sees the certificate as a fraud. However, other browser can not detect the site as a fraud. If any user would be curious enough, to click on the link then, the users could end up on the site that claims to be Google.com. This could be damaging as the site might contain some malicious software hidden in it.
Cnet also thinks that the certificate is deceitful.
A Google spokesman confirms that Chrome has the capability of warning the users against any fraudulent certificates. He then added that they got pleased that Chrome has protected the user from opening the file. Currently, they are still investigating the certificate, and they are going to block any certificates signed by Diginotar.
Mozilla claim that it was because the degree of the mis-issuance is not obvious they are going to release a new version of Firefox… shortly that is going to revoke the trust in the DigiNotar root and defend from such attack. They encourage all users to update their software frequently. Users can also manually stop the DigiNotar root through the Firefox preferences.
The certificate comes from DigiNotar, based in the Netherlands. Representatives from the company have not immediately respond to an email that seeks comment today, and an automated message answering the phone saying that the offices closed for the night, and tendered no voice-mail option.
To date, this is not the first time that such a thing had happened. The situation is familiar since the same situation had happened before back in March, wherein spoofed certificates found that involves Google, Yahoo, Microsoft, and other key sites, and they used Internet Protocol addresses in Iran. In that case, the fake, digital certificates obtained from reseller partners of certificate authority Comodo and a 21-year-old Iranian patriot took credit for the attack, claiming that he does it to protest against the U.S. foreign policy.