nationwide interception of Facebook & webmail login credentials in Tunisia

James Firth james2 at jfirth.net
Wed Aug 31 09:23:43 BST 2011


Passive PROFITS wrote:
> So Cert Patrol just picked up an SSL certificate switch for
> encrypted.google.com; here's the new SHA1 fingerprint I've got...
> 
> F1:BD:D4:59:78:7F:6B:EB:2F:4D:A8:72:E1:74:86:53:79:6B:3A:DD
> 
> Anyone confirm they've also had a switch - it's not impossible I'm
> under attack, having fairly recently discovered a MiTM attack in
> progress, some months ago (mainly due to a fluke; didn't have cert
> patrol then!).

Almost certainly unrelated, but this story yesterday made me think back to
the above...

Google users targeted by forged security certificate

Security researchers have discovered a forged internet security certificate
designed to allow hackers to spy on Google users' private emails and other
communications.

http://www.telegraph.co.uk/technology/google/8730785/Google-users-targeted-b
y-forged-security-certificate.html

James Firth




More information about the ukcrypto mailing list