گوگل، اعلام کرد که حملات MITM ای از درون ایران و از طریق گواهینامه SSL غیر معتبری (که توسط DigiNotar منتشر شده) بر علیه کاربران گوگل صورت گرفته است. کابران Google Chrome از این آسیب بدلیل امکانات امنیتی ای که در Chrome تعبیه شده در امان بودند. اما کاربران Firefox باید ابتدا CA نامعتبر رو حذف (طریقه حذف : کلیک کنید) کنن و سپس Password حساب گوگل خود را تغییر دهند.
کاربران IE هم بهتره به یک Browser امروزی Switch کنن 
متن خبر :
Today we received reports of attempted SSL man-in-the-middle (MITM) attacks against Google users, whereby someone tried to get between them and encrypted Google services. The people affected were primarily located in Iran. The attacker used a fraudulent SSL certificate issued by DigiNotar, a root certificate authority that should not issue certificates for Google (and has since revoked it).
Google Chrome users were protected from this attack because Chrome was able to detect the fraudulent certificate.
To further protect the safety and privacy of our users, we plan to disable the DigiNotar certificate authority in Chrome while investigations continue. Mozilla also moved quickly to protect its users. This means that Chrome and Firefox users will receive alerts if they try to visit websites that use DigiNotar certificates.
To help deter unwanted surveillance, we recommend that users, especially those in Iran, keep their web browsers and operating systems up to date and pay attention to web browser security warnings.
-------------------------------------------
پ ن :
علاقه مندی ها (Bookmarks)