Hackers acquire Google certificate, could hijack Gmail accounts

[InfoSec News <alerts () infosecnews org>]

http://www.computerworld.com/s/article/9219569/Hackers_acquire_Google_certificate_could_hijack_Gmail_accounts

By Gregg Keizer
Computerworld
August 29, 2011

Hackers have obtained a digital certificate good for any Google website 
from a Dutch certificate provider, a security researcher said today.

Criminals could use the certificate to conduct "man-in-the-middle" 
attacks targeting users of Gmail, Google's search engine or any other 
service operated by the Mountain View, Calif. company.

"This is a wildcard for any of the Google domains," said Roel 
Schouwenberg, senior malware researcher with Kaspersky Lab, in an email 
interview Monday.

"[Attackers] could poison DNS, present their site with the fake cert and 
bingo, they have the user's credentials," said Andrew Storms, director 
of security operations at nCircle Security.

[...]


_____________________________________________________________
Register now for the #HITB2011KUL - Asia's premier
deep-knowledge network security event now in it's 9th year!
http://conference.hitb.org/hitbsecconf2011kul/