Monday 05 September 2011

Iranian users ultimate target in DigiNotar compromise
If you needed confirmation of Google's claim that the rogue SSL certificate issued by DigiNotar for *.google.com domains was used mainly to mount man-in-the-middle attacks against users from Iran, Trend Micro researchers have offered it.

Using data collected by the company's Smart Protection Network, they noticed that the validation.diginotar.nl domain, which Internet browsers use to verify the authenticity of SSL certificates issued by the Dutch CA and which is mostly loaded by Dutch users, saw a spike of requests from Iranian users on more than 40 different networks of ISPs and universities on August 28, the day before the existence of the rogue certificate was discovered. Five days later, the traffic from Iran had completely disappeared, and the domain was once again requested almost exclusively by Dutch Internet users.

A deeper analysis of the data painted an even grimmer picture. "Outgoing proxy nodes in the US of anti-censorship software made in California were sending web rating requests for validation.diginotar.nl to the cloud servers of Trend Micro," shared the researchers. "Very likely this means that Iranian citizens, who were using this anti-censorship software, were victims of the same man-in-the-middle attack. Their anti-censorship software should have protected them, but in reality their encrypted communications were probably snooped on by a third party."

It is still unknown who was behind these attacks, but judging by the targeted users and the array of other sites for which rogue certificates were issued during the breach, the theory that the Iranian Government initiated it seems to fit best.

Source: HELP NET SECURITY