05:20
checkitout
A recent
study found that Trend Micro Internet users in 40 different networks of
Internet providers and the University of Iranians turned out to contain fake
SSL certificate issued by DigiNotar.
Providers
and suppliers sites SSL certificate authority certificate in the Netherlands,
was used to spy on Internet users in Iran on a large scale.
In theory,
false certificates could be used to trick users into visiting a fake version of
a Web site, or used to control communication with the actual site without the
user noticing.
But the
trick of a false certificate, a hacker must be able to direct Internet traffic
routed through a server he controls. That's something only the Internet service
provider, or government with a single command, and can do so easily.
Iranian
state itself does not have a CA (Certificate Authority) itself. If they do,
they can only issue a certificate naughty deceived. However, because they do
not have to necessarily require an official certificate from a trusted CA as
DigiNotar.
Trend Micro
to see this rarity that makes the site an SSL certificate provider, DigiNotar
under the mercy of hackers in Iran. So was launched through its official
statement on Saturday (17/09/2011).
At this
time about hundreds of thousands of unique IP addresses access to google.com
Iran calls using fake certificates issued by DigiNotar. Trend Micro detects
thousands of unique IP addresses requested google.com has been identified. On 4
August the number of requests to increase rapidly until a certificate is
revoked on August 29.
The
evidence was based on data collected from time to time, thanks to the Trend
Micro Smart Protection Network is showing fake SSL certificate issued by
DigiNotar, used to spy on Internet users in Iran on a large scale.
Posted in: 
0 comments:
Post a Comment