September 24, 2016

Fraudulent Google.com Digital Certificate in the Wild

(LiveHacking.Com) – It has come to light that at least one fraudulent digital certificate has been issued by DigiNotar, a root certificate authority, for Google.com. The digital certificate affects the main domain and all the subdomains of Google.com and could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against all Web browser users.

The problem for users is that, because the certificate is valid, the web browser will not display a warning message if a user goes to a fake website that presents this certificate.

Microsoft have responded to the news by removing the DigiNotar root certificate from the Microsoft Certificate Trust List. It is likely that others like Apple and Mozilla will also block this certificate in the near future.

This isn’t the first time that a fake certificate for Google.com has been issued by a certificate authority. Back in March of this year several false certificates were issued for popular domains, including Google.com, when a hacker breached the security at Comodo.

It’s unclear, at this time, how the certificate was obtained, but it is known that DigiNotar has revoked the digital certificate in question.
