nationwide interception of Facebook & webmail login credentials in Tunisia
James Firth
james2 at jfirth.net
Wed Aug 31 09:23:43 BST 2011
Passive PROFITS wrote:
> So Cert Patrol just picked up an SSL certificate switch for
> encrypted.google.com; here's the new SHA1 fingerprint I've got...
>
> F1:BD:D4:59:78:7F:6B:EB:2F:4D:A8:72:E1:74:86:53:79:6B:3A:DD
>
> Anyone confirm they've also had a switch - it's not impossible I'm
> under attack, having fairly recently discovered a MiTM attack in
> progress, some months ago (mainly due to a fluke; didn't have cert
> patrol then!).
Almost certainly unrelated, but this story yesterday made me think back to
the above...
Google users targeted by forged security certificate
Security researchers have discovered a forged internet security certificate
designed to allow hackers to spy on Google users' private emails and other
communications.
http://www.telegraph.co.uk/technology/google/8730785/Google-users-targeted-b
y-forged-security-certificate.html
James Firth
More information about the ukcrypto
mailing list