- A new study from trend micro found that Internet users different network from the Internet provider and University of Iran turned out in more than 40 are included as a clone of SSL certificate of the Diginotar.
The site and providers SSL certificate was used by the CA Netherlands, spy on Internet users in the Iran on a large scale.
In theory, a false certificate can be used to trick a user to visit a wrong version of a Web site or used, to communicate with the real site regardless of the users monitor.
In order for the Mengelabuinya of a false certificate, a hacker must however capable routing of Internet traffic goals through a server he controls. It is something that only Internet service provider or the Government with a single command, and can easily do.
Country Iran itself is not a CA (certificate authority). If they do, they can only a certificate of a rogue issue was out maneuvered. Because she not it naturally requires a certificate from the CA however as a trusted officials from Diginotar.
Trend micro see gaffe is that makes the leading providers of SSL certificates for websites, the Diginotar Dipermainkan by hackers in Iran. So that, through its official description, Saturday is offered (09.05.2011).
Using false certificates, by DigiNotar, at the moment almost hundreds thousands of unique IP addresses of Iran, who request access to google.com. Trend micro detects thousands of unique IPS request, google.com were identified. On August 4., the number of requests quickly grew until the certificate, has been revoked on 29.
The evidence shows is based on data that smart spy on protection network, which released uses a copy, the SSL certificate of the Diginotar, in the course of time thanks to the trend micro to Internet users in the Iran on a large scale.
(Type)
No comments:
Post a Comment