Google advises Iran users to change passwords

Sep 09, 2011
Google has advised users of its online services in Iran to change their passwords following the theft of Internet security certificates from a Dutch company.

Google has advised users of its online services in Iran to change their passwords following the theft of Internet security certificates from a Dutch company.

"We learned last week that the compromise of a Dutch company involved with verifying the authenticity of websites could have put the of many Iranians at risk, including their Gmail," vice president of security engineering Eric Grosse said.

"While users of the Chrome browser were protected from this threat, we advise all users in Iran to take concrete steps to secure their accounts," Grosse said in a blog post late Thursday.

Iranians were advised to change their passwords, pay attention to warnings that pop up in and to block unfamiliar websites and applications that are allowed to access an account.

They were also told to check Gmail settings for suspicious forwarding addresses.

The Dutch has opened an investigation to determine who falsified 531 Internet security certificates in order to snoop on users in Iran, the Dutch Interior Ministry said Tuesday.

The falsified certificates, known as SSL certificates, belonged to Dutch company DigiNotar.

are used to verify to visitors that a particular website is authentic and are issued by DigiNotar and other firms known as Certification Authorities.

Internet users whose browsers are fooled by a false certificate could unwittingly reveal their activity to another party in what is known as a "man-in-the-middle attack."

Google said last week that it had "received reports of attempted SSL man-in-the-middle attacks against Google users, whereby someone tried to get between them and encrypted Google services.

"The people affected were primarily located in Iran," said Heather Adkins, an information security manager at Google.

Explore further: Twitter takes note of other apps on smartphones

add to favorites email to friend print save as pdf

Related Stories

Dutch launch Iran IT hacking probe

Sep 06, 2011

The Dutch secret service has opened an investigation to determine who falsified 531 Internet security certificates in order to snoop on users in Iran, the Dutch Interior Ministry said Tuesday.

Experts suspect Iran involvement in Dutch hacking

Sep 05, 2011

(AP) -- Hackers who broke into a Dutch web security firm have issued hundreds of bogus security certificates for spy agency websites including the CIA as well as for Internet giants like Google, Microsoft and Twitter, the ...

Second firm warns of concern after Dutch hack

Sep 07, 2011

A company that sells certificates guaranteeing the security of websites, GlobalSign, said Tuesday it is temporarily halting the issuance of new certificates over concerns it may have been targeted by hackers.

Recommended for you

UN moves to strengthen digital privacy (Update)

Nov 25, 2014

The United Nations on Tuesday adopted a resolution on protecting digital privacy that for the first time urged governments to offer redress to citizens targeted by mass surveillance.

Spotify turns up volume as losses fall

Nov 25, 2014

The world's biggest music streaming service, Spotify, announced Tuesday its revenue grew by 74 percent in 2013 while net losses shrank by one third, in a year of spectacular expansion.

Virtual money and user's identity

Nov 25, 2014

Bitcoin is the new money: minted and exchanged on the Internet. Faster and cheaper than a bank, the service is attracting attention from all over the world. But a big question remains: are the transactions ...

User comments : 0

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.