Posted on Tuesday, August 30 2011 @ 15:22 CEST by Thomas De Maesschalck
Hackers have gained access to and made publicly available a digital SSL certificate for any Google website. This means that anyone with this certificate could perform a "man-in-the-middle" attack to target Gmail users, Google Plus users, or any other users using Google's online services. If a hacker is going to steal a certificate, this is definitely the one to get since its considered a wildcard certificate - good for any .Google.com domain. All a hacker has to do is present a fake web site which looks like Google, by poising of DNS or other means, and then present the stolen certificate. Because the certificate is legitimate for any .Google.com domain the users would have no warning at all that anything is amiss. Then the attacker could easily steal your login credentials gaining access to all of your Google services.
Read more
at TechTribune.