gfxgfx
 
Please login or register.

Login with username, password and session length
 
gfx gfx
gfx
76793 Posts in 13502 Topics by 1651 Members - Latest Member: Arnold99 October 14, 2024, 11:14:54 pm
*
gfx*gfx
gfx
WinMX World :: Forum  |  Discussion  |  WinMx World News  |  Iran accused in 'dire' net security attack
gfx
gfxgfx
 

Author Topic: Iran accused in 'dire' net security attack  (Read 622 times)

0 Members and 1 Guest are viewing this topic.

Offline DaBees-Knees

  • WMW Team
  • *****
Iran accused in 'dire' net security attack
« on: March 24, 2011, 05:40:23 pm »
http://www.bbc.co.uk/news/technology-12847072

Quote
Hackers in Iran have been accused of trying to subvert one of the net's key security systems.

Analysis in the wake of the thwarted attack suggests it originated and was co-ordinated via servers in Iran.

If it had succeeded, the attackers would have been able to pass themselves off as web giants Google, Yahoo, Skype, Mozilla and Microsoft.

The impersonation would have let attackers trick web users into thinking they were accessing the real service.

Fake identity

The attack was mounted on the widely used online security system known as the Secure Sockets Layer or SSL. This acts as a guarantee of identity so users can be confident that the site they are visiting is who it claims to be. The guarantee of identity is in the form of a digital passport known as a certificate.

Analysis of the attack reveals that someone got access to the computer systems of one firm that issue certificates. This allowed them to issue bogus certificated that, if they had been used, would have let them impersonate any one of several big net firms.

It appears that the attackers targeted the SSL certificates of several specific net communication services such as Gmail and Skype as well as other popular sites such as Microsoft Live, Yahoo and the Firefox browser.

SSL certificate issuer Comodo published an analysis of the attack which was carried out via the computer systems of one of its regional affiliates. It said the attack exhibited "clinical accuracy" and that, along with other facets of the attack led it to one conclusion: "this was likely to be a state-driven attack."

It is thought it was carried out by the Iranian authorities to step up scrutiny of opposition groups in the country that use the web to co-ordinate their activity.

The bogus certificates have now been revoked and Comodo said it was looking into ways of improving security at its affiliates. Browsers have also been updated so anyone visiting a site whose credentials are guaranteed by the bogus certificates will be warned.

Writing on the blog of digital rights lobby group the Electronic Frontier Foundation, Peter Eckersley, said the attack posed a "dire risk to internet security".

"The incident got close to — but was not quite — an internet-wide security meltdown," he said.

"We urgently need to start reinforcing the system that is currently used to authenticate and identify secure websites and e-mail systems," said Mr Eckersley.

It seems KM missed his vocation.  :lol:  (Sorry that's a private joke)

WinMX World :: Forum  |  Discussion  |  WinMx World News  |  Iran accused in 'dire' net security attack
 

gfxgfx
gfx
©2005-2024 WinMXWorld.com. All Rights Reserved.
SMF 2.0.19 | SMF © 2021, Simple Machines | Terms and Policies
Page created in 0.012 seconds with 22 queries.
Helios Multi © Bloc
gfx
Powered by MySQL Powered by PHP Valid XHTML 1.0! Valid CSS!