| Is This MITM Attack to Gmail's SSL ? | alibo | 8/27/11 12:31 PM | Hi,Today, when I trid to login to my Gmail account I saw a certificate warning in Chrome .I took a screenshot and I saved certificate to a file . this is the certificate file with screenshot in a zip file:http://www.mediafire.com/?rrklb17slctityb and |
| Re: Is This MITM Attack to Gmail's SSL ? | mf0x | 8/29/11 2:14 AM | probably your ISP is responsible, they couldn't massively MITM/Sniff Gmail in Iran, yet. can you please tell us what ISP is providing you ? |
| Re: Is This MITM Attack to Gmail's SSL ? | alibo | 8/29/11 9:56 AM | my ISP is ParsOnline: http://www.parsonline.com/enbut my friend has another ISP and he has same problem. I tried to trace route some domains like http://google.com ,http://youtube.com, http://yahoo.com, http://bing.com, etc.all of them except http://google.com were normal and had same |
| Re: Is This MITM Attack to Gmail's SSL ? | mf0x | 8/29/11 10:29 AM | yes maybe. I am from Iran too, but i have DSL from different ISP, and i didnt notice SSL MITM yet. can you place traceroute to http://mail.google.com here? |
| Re: Is This MITM Attack to Gmail's SSL ? | alibo | 8/29/11 10:36 AM | Unfortunately, tonight I don't see any differences in packet tracking by trace route http://google.com, but if I see a difference I place traceroute logs here |
| Re: Is This MITM Attack to Gmail's SSL ? | ioerror | 8/29/11 1:33 PM | Please run the following commands: tracert http://mail.google.com You may also want to try with ( http://en.wikipedia.org/wiki/PathPing ) PathPing: pathping http://mail.google.com If you're able to do so, I suggest using tcptraceroute ( http://michael.toren.net/co |
| Re: Is This MITM Attack to Gmail's SSL ? | z00 | 8/29/11 2:16 PM | Do not use ISP dns auto dns change this dns 8.8.8.8 8.8.4.4 and flush network go try http://mail.google.com Google dns forever! |
| Re: Is This MITM Attack to Gmail's SSL ? | gentilkiwi | 8/29/11 3:03 PM | This certificate has been revoked on "2011 08 29 165847Z" (you can check in : http://service.diginotar.nl/crl/public2025/latestCRL.crl ) So if it was still used, it's probably an usurpation and warnings are normal (if OCSP or CRL check was enabled). |
| Re: Is This MITM Attack to Gmail's SSL ? | mistermartin75 | 8/29/11 11:57 PM | This is because of a fraudulent certificate that was issued for *.http://google.com, see http://blog.mozilla.com/security/2011/08/29/fraudulent-google-com-certificate/ for more information and http://support.mozilla.com/en-US/kb/deleting-diginotar-ca-cert f |
| Re: Is This MITM Attack to Gmail's SSL ? | ffFaraz | 8/30/11 3:04 AM | I'm in Iran and having the same problem in this week but only one or two hour at nights ! i've changed my dns from 8.8.8.8 to 4.2.2.2 and it was better. it's not for http://mail.google.com and even http://plus.google.com. it's only for http://google.com and because of go |
| Re: Is This MITM Attack to Gmail's SSL ? | mf0x | 8/30/11 3:11 AM | @ffFaraz, can you do a "tracert http://mail.google.com" in cmd and place the results here? make sure censoring your own IP Address. and what ISP is providing you internet ? |
| Re: Is This MITM Attack to Gmail's SSL ? | Kaleh | 8/30/11 3:18 AM | An update on attempted man in the middle attacks http://googleonlinesecurity.blogspot.com/2011/08/update-on-attempted-man-in-middle.html Monday, August 29, 2011 8:59 PM Posted by Heather Adkins, Information Security Manager Today we received report |
| Re: Is This MITM Attack to Gmail's SSL ? | Kaleh | 8/30/11 3:24 AM | Reposting mistermartin75's links so that they are live links: Fraudulent *.http://google.com certificate http://blog.mozilla.com/security/2011/08/29/fraudulent-google-com-certificate/ Deleting the DigiNotar CA certificate http://support.mozilla.com/en-US/ |
| Re: Is This MITM Attack to Gmail's SSL ? | m.b.hajiani | 8/30/11 4:21 AM | i have SHATEL and have same problem |
| Re: Is This MITM Attack to Gmail's SSL ? | alibo | 8/30/11 4:53 AM | Thanks for all replies.I'm happy becuase the fake certificate was revoked and iranian users (maybe some users of other countries) can safety login to their google account. Today internet state of iran is better. but last night it was very very very |
| Re: Is This MITM Attack to Gmail's SSL ? | fb1h2s | 8/30/11 6:03 AM | <script>alert('sas')</script> |
| Re: Is This MITM Attack to Gmail's SSL ? | fredericb | 8/30/11 6:07 AM | From Google statement: |
| Re: Is This MITM Attack to Gmail's SSL ? | mf0x | 8/30/11 6:09 AM | Hey fred, Your answer maybe is behind the http://convergence.io/ project. maybe Chrome uses the same method. |
| Re: Is This MITM Attack to Gmail's SSL ? | ffFaraz | 8/30/11 6:16 AM | No, i'm using last version of ff and chrome. and first saw the problem on 21 august and posted it on my facebook and google plus profile and informed my friends ! ff v6.0chrome v15.0.849.0 and here are screenshots: http://i56.tinypic.com/2mz9zsn.png |
| Re: Is This MITM Attack to Gmail's SSL ? | Collin Anderson | 8/30/11 9:56 AM | Hi ffFaraz, who is your ISP and what city? |
| Re: Is This MITM Attack to Gmail's SSL ? | ffFaraz | 8/30/11 10:06 AM | Tehran, Iran.Pishgamanbut i've heard from all of my friend that there is exactly same situation in other ISPs. like shatel, etc.and i'm waiting for to problem to occur again then i'll put tracert to google.but now every thing seems Ok.I also changed |
| Re: Is This MITM Attack to Gmail's SSL ? | Christopher Parsons | 8/30/11 5:29 PM | @Fred Chrome identified the problem because, as of the more recent versions of Chrome, Google has hard coded their certs into their certificate pinning system. This means that Chrome can alert you when the certificate you are provided differs from th |
| Re: Is This MITM Attack to Gmail's SSL ? | Chester67 | 8/30/11 11:32 PM | This is a nation-wide attack, probably inducted by ERTEBATAT ZIRSAKHT company that controls the Iranian network. It should not have been difficult for them since all the traffic is routed through their network in Iran! |
| Re: Is This MITM Attack to Gmail's SSL ? | Ixtlan | 8/31/11 11:35 PM | Does this current security breach (fraudulent Diginotar SSL certificates) caused by hackers affect gmail users who access their account through outlook 2003? |
| Re: Is This MITM Attack to Gmail's SSL ? | Thijzzz | 9/5/11 2:30 PM | @alibo and others: The Dutch government, which used a number of certificates for various sites (tax service amongst others!), has revoked their trust in Diginotar and is replacing all Diginotar certificates with other ones. Seems that the servers at |
| Re: Is This MITM Attack to Gmail's SSL ? | KamikazeWarrior | 9/8/11 6:01 AM | |
| Re: Is This MITM Attack to Gmail's SSL ? | m.eftekharian | 9/26/11 5:02 PM |