ID: IRCNE2011091245
Date: 2011-09-10
Google is telling people in Iran to change their passwords and take other security precautions in the wake of an Internet attack in which the google.com domain was spoofed.
"We learned last week that the compromise of a Dutch company involved with verifying the authenticity of websites could have put the Internet communications of many Iranians at risk, including their Gmail," Eric Grosse, Google's vice president of security engineering, wrote in a blog post last night.
"While Google's internal systems were not compromised, we are directly contacting possibly affected users and providing similar information below because our top priority is to protect the privacy and security of our users," he wrote.
Specifically, Google recommends that users in Iran change their passwords; verify their account recovery options; check the Web sites and applications that are allowed to access their Google account; check Gmail settings for suspicious forwarding addresses or delegated accounts; and pay attention to warnings that appear in the Web browser and don't click past them.
Google confirmed last week that users in Iran were primarily affected by the attack. Chrome, Firefox, Internet Explorer, Windows and Adobe now blacklist DigiNotar certificates.
Mozilla also is asking certificate authorities to take certain actions designed to prevent such problems from happening.
Related Links:
Microsoft: Stolen SSL certs can't be used to install malware via Windows Update
Hackers may have stolen over 200 SSL certificates
Hackers acquired Google digital certificate
- 2