Google advises Iran users to change passwords

September 9, 2011
Google has advised users of its online services in Iran to change their passwords following the theft of Internet security certificates from a Dutch company.

Google has advised users of its online services in Iran to change their passwords following the theft of Internet security certificates from a Dutch company.

"We learned last week that the compromise of a Dutch company involved with verifying the authenticity of websites could have put the of many Iranians at risk, including their Gmail," vice president of security engineering Eric Grosse said.

"While users of the Chrome browser were protected from this threat, we advise all users in Iran to take concrete steps to secure their accounts," Grosse said in a blog post late Thursday.

Iranians were advised to change their passwords, pay attention to warnings that pop up in and to block unfamiliar websites and applications that are allowed to access an account.

They were also told to check Gmail settings for suspicious forwarding addresses.

The Dutch has opened an investigation to determine who falsified 531 Internet security certificates in order to snoop on users in Iran, the Dutch Interior Ministry said Tuesday.

The falsified certificates, known as SSL certificates, belonged to Dutch company DigiNotar.

are used to verify to visitors that a particular website is authentic and are issued by DigiNotar and other firms known as Certification Authorities.

Internet users whose browsers are fooled by a false certificate could unwittingly reveal their activity to another party in what is known as a "man-in-the-middle attack."

Google said last week that it had "received reports of attempted SSL man-in-the-middle attacks against Google users, whereby someone tried to get between them and encrypted Google services.

"The people affected were primarily located in Iran," said Heather Adkins, an information security manager at Google.

Explore further: Web certificate fraud bears Iranian fingerprints

Related Stories

Experts suspect Iran involvement in Dutch hacking

September 5, 2011

(AP) -- Hackers who broke into a Dutch web security firm have issued hundreds of bogus security certificates for spy agency websites including the CIA as well as for Internet giants like Google, Microsoft and Twitter, the ...

Dutch launch Iran IT hacking probe

September 6, 2011

The Dutch secret service has opened an investigation to determine who falsified 531 Internet security certificates in order to snoop on users in Iran, the Dutch Interior Ministry said Tuesday.

Second firm warns of concern after Dutch hack

September 7, 2011

A company that sells certificates guaranteeing the security of websites, GlobalSign, said Tuesday it is temporarily halting the issuance of new certificates over concerns it may have been targeted by hackers.

Recommended for you

Power grid forecasting tool reduces costly errors

July 30, 2015

Accurately forecasting future electricity needs is tricky, with sudden weather changes and other variables impacting projections minute by minute. Errors can have grave repercussions, from blackouts to high market costs. ...

Microsoft describes hard-to-mimic authentication gesture

August 1, 2015

Photos. Messages. Bank account codes. And so much more—sit on a person's mobile device, and the question is, how to secure them without having to depend on lengthy password codes of letters and numbers. Vendors promoting ...

0 comments

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.