Ad: Manage updates with the Download App
ie8 fix
  • CNET
  • News
  • All man-in-the-middle attacks posts

man-in-the-middle attacks

Google users in Iran targeted in SSL spoof

For an unknown period of time this weekend, Gmail users in Iran who tried to access their accounts were at risk of having their log-in credentials stolen, after someone broke into a Dutch company to steal the digital equivalent of an identification card for Google.com.

"The people affected were primarily located in Iran," Google said in a post late last night. "The attacker used a fraudulent [Secure Sockets Layer] certificate issued by DigiNotar, a root certificate authority that should not issue certificates for Google (and has since revoked it)."

The problem surfaced yesterday after someone … Read more

False security: Is Bank of America lying to its customers?

A bank that guarantees its online users safety and security has direct evidence that its Web-based banking system may not be 100 percent bullet-proof.

Should that bank tell its customers? And if it doesn't, is it misleading, or even worse, lying, to them?

Bank of America, like many other financial institutions in the U.S., has jumped on the "two-factor" authentication bandwagon. Instead of having its customers log in with just a user name and password, these new schemes require some third bit of information.

Some banks choose to issue their customers a cryptographic hardware token (a … Read more