Google Wildcard SSL Certificate Stolen and Publicly Posted

Posted on Tuesday, August 30 2011 @ 15:22 CEST by Thomas De Maesschalck
Hackers have gained access to and made publicly available a digital SSL certificate for any Google website. This means that anyone with this certificate could perform a "man-in-the-middle" attack to target Gmail users, Google Plus users, or any other users using Google's online services. If a hacker is going to steal a certificate, this is definitely the one to get since its considered a wildcard certificate - good for any .Google.com domain. All a hacker has to do is present a fake web site which looks like Google, by poising of DNS or other means, and then present the stolen certificate. Because the certificate is legitimate for any .Google.com domain the users would have no warning at all that anything is amiss. Then the attacker could easily steal your login credentials gaining access to all of your Google services.

Read more at TechTribune.

About the Author

Thomas De Maesschalck

Thomas has been messing with computer since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.


Loading Comments

Share this story!

Latest news

Latest reviews