Email Hack: 300,000 Iranians

"Network severely breached"

BBC: Up to 300,000 Iranians may have had their Google email monitored using security certificates stolen from Dutch firm DigiNotar. The figure came from a report into the breach at DigiNotar which let attackers generate hundreds of fake certificates. The report suggests the certificates were used in Iran to eavesdrop on email accounts. The list has been passed to Google so it can tell victims they may have come under government scrutiny.


07-Sep-2011

Joubin

He who knows that he does not know ..

by Joubin on

//news.ycombinator.com/item?id=2938993

"Use VPN, and change your passwords often, do not use internet explorer and keep your windows updated. " 

Electronic communication by its very nature is insecure if the adversary you seek to evade is a nation-state.  VPN and such are for commercial transactions where you seek to protect yourself from another corporate entity.  

By design, every nation-state has a Root CA in every piece of electronic equipment out there. The only exception -- and this for only select nation-states, e.g. Saudi Arabia -- is a BlackBerry.

Open up your OS's CA list and take a gander at DOD - that is Department of Defense -- issued Root CAs.  The governments can read everything.

If you use any encryption you will be flagged.  If you use TOR, you will be flagged.

As of now, be advised that none of the mobile phone OSs have issued updates for DigiNotar. Your Chrome, Firefox, and Opera are also vulnerable, unless you either make sure you get the update patch, or, at least on Mac OS X, personally remove the DigiNotar Root CA.

Read up:

//www.google.com/search?q=site:news.ycombinator.com+diginotar+root+ca 


choghok

Gmail is still safer than most others

by choghok on

The reason that all the talk is about Gmail is because Google has come out with news about it; I guess till now almost all other mail providers have been hacked without telling. And you have been hacked only if you have logged in to a Gmail account while the certifications were valid.

I think all this news will make people think that Gmail is unsafe and other providers are safe.

Use VPN, and change your passwords often, do not use internet explorer and keep your windows updated.