- Strong quake hits Japan, triggering tsunami
- Sniper heaven: Pentagon’s self-guided bullets leave enemies nowhere to hide
- Violent gang taking advantage of immigration crisis, using border as recruiting hub
- Medicaid enrollment continues to soar under Obamacare, administration says
- Michelle Obama to Latinos: ‘We cannot afford to wait on Congress’ for immigration
- White House urges GOP to act ‘urgently’ on $3.7 billion request for illegal immigrants
- Politicians, criminals using ‘right-to-be-forgotten’ law EU courts forced upon Google
- Combat fatigue: elite special forces troops are ‘fraying,’ Gen. Joseph Votel warns
- German foreign minister to meet Kerry to discuss spying claims
- Florida police spokesman tells citizens: ‘Get yourself some firearms’
Hack may have hit Google users in Iran
Question of the Day
AMSTERDAM (AP) - Experts say the Iranian government may have been behind a hacking attack, allowing it to read Google email from dissidents who thought they were using secure connections.
Chicago-based Internet security firm Vasco said Wednesday its Dutch subsidiary, DigiNotar, detected the hack on July 19, compromising its security guarantees for "a number of domains, including Google.com." The company then quietly tried to fix the damage, but was alerted by the Dutch government Monday that it had missed Google, and perhaps others.
Google said in a post on its online security blog that "people affected were primarily located in Iran." It said that after consultation with Microsoft and Mozilla, users of the Chrome, Microsoft Explorer and Firefox browsers will receive warnings if they attempt to visit any website that uses DigiNotar certificates.
DigiNotar is one of the many firms that sells security certificates for the "SSL" cryptographic protocol _ in effect, one of the digital notaries that guarantee the privacy of communications between a user's browser and a website.
The company said the hackers were able to get into its infrastructure and issue fake certificates.
Finnish security company F-Secure said such certificates can be used by a government or corrupt Internet service provider to reroute traffic intended for Google without being detected.
"We saw a similar attack in May," the company said in a note on the incident published on its website.
"It's likely the Government of Iran is using these techniques to monitor local dissidents."
DigiNotar did not quickly respond to requests for information about what other bogus certificates were issued or how many users may have been affected, and where.
Vasco said DigiNotar only accounts for a tiny fraction of its business, and "the vast majority" of DigiNotar's offerings _ including its security certificates for communication with the Dutch tax authority _ were not affected.
TWT Video Picks
Democrats reveal an identity crisis by pretending to be what they're not
- Pentagon's self-guided bullets leave enemies nowhere to hide
- Michelle Obama to Latinos: 'We cannot afford to wait on Congress' for immigration
- Armed militia sets up Texas command center to 'fight for national sovereignty'
- Obama seeks brisk passage of border children funding bill
- Va. Democrat reportedly seeks nude shots of Kendall Jones
- Hamas orders civilians to die in Israeli airstrikes
- QADER: Extradite the assassin of Bangladesh's founding father
- Bloomberg: Pro-gun towns must lack roads
- Bush fixed bowling lanes that Obama wants to renovate
- New York City creates ID card so 500K illegal immigrants can get services
Obama's biggest White House 'fails'
Celebrities turned politicians
Athletes turned actors
20 gadgets that changed the world
Fighting in Iraq
World Cup's sexiest WAGs