Cyber thieves pose as Google+ social network

_65073179_googplus

Web browser makers have rushed to fix a security lapse that cyber thieves abused to impersonate Google+

The loophole exploited ID credentials that browsers use to ensure a website is who it claims to be.

By using the fake credentials, criminals created a website that purported to be part of the Google+ social media network.

The fake ID credentials have been traced back to Turkish security firm TurkTrust which mistakenly issued them.

Secure code
An investigation by TurkTrust revealed that in August 2011 it twice accidentally issued the wrong type of security credential, a form of identification known as an intermediate certificate. Instead of issuing low level certificates it mistakenly gave out two “master keys” that are typically only given to owners of websites. This master key is a guarantee of a site’s identity.

“These certificates could be used to impersonate any website to any browser without the end user being alerted that anything is wrong,” wrote security analyst Chester Wisniewski from Sophos in a blogpost about the security lapse.

The certificates are important, he said, because secure use of web shops and other services revolve around interaction between the master keys and the lower level security credentials.

The lapse was spotted when automatic checks built in to Google’s Chrome browser noticed the fake credentials.

Google, Microsoft and Firefox developer Mozilla have all issued updates which revoke the two wrongly issued master security certificates. In addition, Mozilla has updated Firefox to reject any certificate issued by TurkTrust while the browser maker investigates the security lapse.

This is not the first time that websites and browser makers have had a problem with security certificates. Fake certificates have been issued before now by several other firms and exposed confidential data including login names and passwords.

“It is really time we move on from this 20-year-old, poorly implemented system,” wrote Mr Wisniewski. “It doesn’t need to be perfect to beat what we have.”

Advertisements

14 thoughts on “Cyber thieves pose as Google+ social network

  1. I truly love your website.. Excellent colors & theme. Did you develop this web site yourself? Please reply back as I’m attempting to create my own personal blog and would like to know where you got this from or what the theme is named. Many thanks!

  2. You should take part in a contest for one of the best sites on the internet. I’m going to highly recommend this blog!

  3. Can I just say what a relief to discover somebody that truly understands what they are talking about on the net. You definitely realize how to bring a problem to light and make it important. More and more people should check this out and understand this side of your story. I was surprised you aren’t more popular because you most certainly possess the gift.

  4. Howdy! I could have sworn I’ve visited your blog before but after going through many of the articles I realized it’s new to me. Anyways, I’m certainly pleased I stumbled upon it and I’ll be bookmarking it and checking back often!

  5. Your style is really unique in comparison to other people I’ve read stuff from. Thanks for posting when you have the opportunity, Guess I will just bookmark this site.

  6. Hi there would you mind letting me know which webhost you’re utilizing? I’ve loaded your blog in 3 different web browsers and I must say this blog loads a lot faster then most. Can you recommend a good internet hosting provider at a fair price? Cheers, I appreciate it!

  7. I just wanted to make a brief comment to be able to appreciate you for those pleasant strategies you are showing on this website. My rather long internet lookup has finally been rewarded with excellent insight to write about with my two friends. I ‘d express that we website visitors are unquestionably fortunate to dwell in a fine network with many special professionals with useful tips. I feel extremely happy to have used the webpages and look forward to so many more thrilling minutes reading here. Thank you once again for a lot of things.

  8. I’d like to thank you for the efforts you have put in penning this blog. I really hope to see the same high-grade content from you in the future as well. In truth, your creative writing abilities has inspired me to get my very own site now 😉

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s