• Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Home
  • About Darknet
  • Hacking Tools
  • Popular Posts
  • Darknet Archives
  • Contact Darknet
    • Advertise
    • Submit a Tool
Darknet – Hacking Tools, Hacker News & Cyber Security

Darknet - Hacking Tools, Hacker News & Cyber Security

Darknet is your best source for the latest hacking tools, hacker news, cyber security best practices, ethical hacking & pen-testing.

Hackers Get Hold Of Wildcard Google SSL Certificate – Could Hijack Gmail Accounts

August 30, 2011

Views: 17,999

One of the big discussions points this week is about a wildcard cert for Google that has leaked out from a Dutch company called DigiNotar. The certificate is good for all Google domains – it’s a *.google.com cert.

This is bad news and apparently has been in the wild for a while, some people are linking to deaths in Iran as the cert could be used to hijack Gmail accounts using a MITM attack.

If you want to check out the cert directly, you can do so here:

Gmail.com SSL MITM ATTACK BY Iranian Government – 27/8/2011

The story seems to originate here where a user in Iran noticed a MITM was being perpetrated on him – probably by his own ISP or government.

Is This MITM Attack to Gmail’s SSL ?

Hackers have obtained a digital certificate good for any Google website from a Dutch certificate provider, a security researcher said today. Criminals could use the certificate to conduct “man-in-the-middle” attacks targeting users of Gmail, Google’s search engine or any other service operated by the Mountain View, Calif. company.

“This is a wildcard for any of the Google domains,” said Roel Schouwenberg, senior malware researcher with Kaspersky Lab, in an email interview Monday.

“[Attackers] could poison DNS, present their site with the fake cert and bingo, they have the user’s credentials,” said Andrew Storms, director of security operations at nCircle Security.

Man-in-the-middle attacks could also be launched via spam messages with links leading to a site posing as, say, the real Gmail. If recipients surfed to that link, their account login username and password could be hijacked. Details of the certificate were posted on Pastebin.com last Saturday. Pastebin.com is a public site where developers — including hackers — often post source code samples.

According to Schouwenberg, the SSL (secure socket layer) certificate is valid, and was issued by DigiNotar, a Dutch certificate authority, or CA. DigiNotar was acquired earlier this year by Chicago-based Vasco, which bills itself on its site as “a world leader in strong authentication.”

Vasco did not reply to a request for comment.

The cert is valid, which is scary. One thing which is currently unknown is how the cert got out there, if it was a hack or a leak or someone from the outside got access to the DigiNotar CA.

If you want more technical details on how to verify the cert, you can check this out:

Internet death sentence for DigiNotar’s Root CA!

Security researcher and Tor developer Jacob Applebaum confirmed that the certificate was valid in an email answer to Computerworld questions, as did noted SSL researcher Moxie Marlinspike on Twitter. “Yep, just verified the signature, that pastebin *.google.com certificate is real,” said Marlinspike .

Because the certificate is valid, a browser would not display a warning message if its user went to a website signed with the certificate.

It’s unclear whether the certificate was obtained because of a lack of oversight by DigiNotar or through a breach of the company’s certificate issuing website.

Schouwenberg urged the company to provide more information as soon as possible.

“Given their ties to the government and financial sectors it’s extremely important we find out the scope of the breach as quickly as possible,” Schouwenberg said. The situation was reminiscent of a breach last March, when a hacker obtained certificates for some of the Web’s biggest sites, including Google and Gmail, Microsoft, Skype and Yahoo.

Then, Comodo said that nine certificates had been fraudulently issued after attackers used an account assigned to a company partner in southern Europe.

Initially, Comodo argued that Iran’s government may have been involved in the theft. Days later, however, a solo Iranian hacker claimed responsibility for stealing the SSL certificates.

Today, Kaspersky’s Schouwenberg said “nation-state involvement is the most plausible explanation” for the acquisition of the DigiNotar-issued certificate.

Google have also mentioned in on their security blog here:

Today we received reports of attempted SSL man-in-the-middle (MITM) attacks against Google users, whereby someone tried to get between them and encrypted Google services. The people affected were primarily located in Iran. The attacker used a fraudulent SSL certificate issued by DigiNotar, a root certificate authority that should not issue certificates for Google (and has since revoked it).

An update on attempted man-in-the-middle attacks

There was also quick action taken by both Mozilla and Microsoft.

It’s been pretty quiet really to say this is really a major issue, I hope more details come out about how this occurred. If you are using Firefox there are instructions on how to delete/distrust the DigiNotar CA here.

Source: Network World

Share180
Tweet90
Share5
Buffer
WhatsApp
Email
275 Shares

Filed Under: Exploits/Vulnerabilities, Legal Issues, Privacy Tagged With: gmail-hacking, google, hacking-gmail, man-in-the-middle, mitm



Primary Sidebar

Search Darknet

  • Email
  • Facebook
  • LinkedIn
  • RSS
  • Twitter

Advertise on Darknet

Latest Posts

AgentSmith HIDS - Host Based Intrusion Detection

AgentSmith HIDS – Host Based Intrusion Detection

padre - Padding Oracle Attack Tool

padre – Padding Oracle Attack Exploiter Tool

Privacy Implications of Web 3.0 and Darknets

Privacy Implications of Web 3.0 and Darknets

DataSurgeon - Extract Sensitive Information (PII) From Logs

DataSurgeon – Extract Sensitive Information (PII) From Logs

Pwnagotchi - Maximize Crackable WPA Material For Bettercap

Pwnagotchi – Maximize Crackable WPA Key Material For Bettercap

HardCIDR - Network CIDR and Range Discovery Tool

HardCIDR – Network CIDR and Range Discovery Tool

Topics

  • Advertorial (28)
  • Apple (46)
  • Countermeasures (225)
  • Cryptography (82)
  • Database Hacking (89)
  • Events/Cons (7)
  • Exploits/Vulnerabilities (430)
  • Forensics (64)
  • Hacker Culture (8)
  • Hacking News (228)
  • Hacking Tools (681)
  • Hardware Hacking (82)
  • Legal Issues (179)
  • Linux Hacking (72)
  • Malware (238)
  • Networking Hacking Tools (352)
  • Password Cracking Tools (104)
  • Phishing (41)
  • Privacy (218)
  • Secure Coding (118)
  • Security Software (233)
  • Site News (51)
    • Authors (6)
  • Social Engineering (37)
  • Spammers & Scammers (76)
  • Stupid E-mails (6)
  • Telecomms Hacking (6)
  • UNIX Hacking (6)
  • Virology (6)
  • Web Hacking (384)
  • Windows Hacking (169)
  • Wireless Hacking (45)

Security Blogs

  • Dancho Danchev
  • F-Secure Weblog
  • Google Online Security
  • Graham Cluley
  • Internet Storm Center
  • Krebs on Security
  • Schneier on Security
  • TaoSecurity
  • Troy Hunt

Security Links

  • Exploits Database
  • Linux Security
  • Register – Security
  • SANS
  • Sec Lists
  • US CERT

Footer

Most Viewed Posts

  • Brutus Password Cracker – Download brutus-aet2.zip AET2 (2,181,881)
  • Darknet – Hacking Tools, Hacker News & Cyber Security (2,172,351)
  • Top 15 Security Utilities & Download Hacking Tools (2,095,358)
  • 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery) (1,198,681)
  • Password List Download Best Word List – Most Common Passwords (931,843)
  • wwwhack 1.9 – wwwhack19.zip Web Hacking Software Free Download (774,475)
  • Hack Tools/Exploits (672,591)
  • Wep0ff – Wireless WEP Key Cracker Tool (528,859)

Search

Recent Posts

  • AgentSmith HIDS – Host Based Intrusion Detection August 31, 2023
  • padre – Padding Oracle Attack Exploiter Tool May 28, 2023
  • Privacy Implications of Web 3.0 and Darknets March 31, 2023
  • DataSurgeon – Extract Sensitive Information (PII) From Logs March 21, 2023
  • Pwnagotchi – Maximize Crackable WPA Key Material For Bettercap February 12, 2023
  • HardCIDR – Network CIDR and Range Discovery Tool December 29, 2022

Tags

apple botnets computer-security darknet Database Hacking ddos dos exploits fuzzing google hacking-networks hacking-websites hacking-windows hacking tool Information-Security information gathering Legal Issues malware microsoft network-security Network Hacking Password Cracking pen-testing penetration-testing Phishing Privacy Python scammers Security Security Software spam spammers sql-injection trojan trojans virus viruses vulnerabilities web-application-security web-security windows windows-security Windows Hacking worms XSS

Copyright © 1999–2023 Darknet All Rights Reserved · Privacy Policy