Jump to content

Near SSL breach

CHiLL

By CHiLL
in General Chat

 Share

Recommended Posts

CHiLL Newbie

CHiLL

Posted
Posted

Some Iranian hackers hacked into Comodo (CA) and got forged certificates for sites such as GMail.com, login.live.com, login.skype.com, login.yahoo.com and addons.mozilla.com. The latter is the most dangerous because it could have meant that anyone who installed addons for Firefox could have been installing malware without knowning. However, these certificates have been marked as dodgy by major CAs, and the certificate IDs have been sent to client machines in the forms of Windows Updates and the likes.

 

This could have been more severe. Since the world of SSL/Certificates is based on trust, if it becomes compromised, the entire infrastructure of secure websites across the Internet would grind to a halt.

 

More info; http://www.theregister.co.uk/2011/03/23/gmail_microsoft_web_credential_forgeries/

Link to comment
Share on other sites
Scotteh Newbie

Scotteh

Posted
Posted

Hahaha bloody Iranians! They sit on white plastic garden chairs all day doing Fcuk all yet they hack into this lot!  :cool:

Genralising Iranians could be linked to racism. Racism is forbidden.
Link to comment
Share on other sites
CHiLL Newbie

CHiLL

Posted
  • Author
Posted

wow, could they have gotten into our emails and sent spam from them?

It would have been more them able to pretend to be that website, and successfully trick people. Also able to push malware/social engineering tricks towards the users. That couldn't access your mail accounts, but they could pose as the affected sites and appear genuine.

Link to comment
Share on other sites
ford1001 Newbie

ford1001

Posted
Posted

wow, could they have gotten into our emails and sent spam from them?

It would have been more them able to pretend to be that website, and successfully trick people. Also able to push malware/social engineering tricks towards the users. That couldn't access your mail accounts, but they could pose as the affected sites and appear genuine.

but with this happening, they could have recorded our email adresses and passwords?

Link to comment
Share on other sites
CHiLL Newbie

CHiLL

Posted
  • Author
Posted

wow, could they have gotten into our emails and sent spam from them?

It would have been more them able to pretend to be that website, and successfully trick people. Also able to push malware/social engineering tricks towards the users. That couldn't access your mail accounts, but they could pose as the affected sites and appear genuine.

but with this happening, they could have recorded our email adresses and passwords?

I suppose so, I hadn't thought of it that way.

Link to comment
Share on other sites
ford1001 Newbie

ford1001

Posted
Posted

wow, could they have gotten into our emails and sent spam from them?

It would have been more them able to pretend to be that website, and successfully trick people. Also able to push malware/social engineering tricks towards the users. That couldn't access your mail accounts, but they could pose as the affected sites and appear genuine.

but with this happening, they could have recorded our email adresses and passwords?

I suppose so, I hadn't thought of it that way.

I hope the didn't get into my one, just thought about my school email address

Link to comment
Share on other sites
CHiLL Newbie

CHiLL

Posted
  • Author
Posted

wow, could they have gotten into our emails and sent spam from them?

It would have been more them able to pretend to be that website, and successfully trick people. Also able to push malware/social engineering tricks towards the users. That couldn't access your mail accounts, but they could pose as the affected sites and appear genuine.

but with this happening, they could have recorded our email adresses and passwords?

I suppose so, I hadn't thought of it that way.

I hope the didn't get into my one, just thought about my school email address

It didn't actually effect anything. It was sorted out before any damage could be done. The certificates that were forged were blacklisted and issued out through browser updates and Windows updates.

Link to comment
Share on other sites
ford1001 Newbie

ford1001

Posted
Posted

wow, could they have gotten into our emails and sent spam from them?

It would have been more them able to pretend to be that website, and successfully trick people. Also able to push malware/social engineering tricks towards the users. That couldn't access your mail accounts, but they could pose as the affected sites and appear genuine.

but with this happening, they could have recorded our email adresses and passwords?

I suppose so, I hadn't thought of it that way.

I hope the didn't get into my one, just thought about my school email address

It didn't actually effect anything. It was sorted out before any damage could be done. The certificates that were forged were blacklisted and issued out through browser updates and Windows updates.

That is good, or any Australian student who logged into their email using gmail, which is the only one the government allows, would have been sending spam :/

Link to comment
Share on other sites
Scotteh Newbie

Scotteh

Posted
Posted

That may well be but tough shit! Take me to court!  :cool:

Or we could just ban you.

You could do but there's more chance of me becoming the next Pope............

Actually the chances of you being banned are becoming increasingly more promising.

Link to comment
Share on other sites
Der Walker-Kaiser Newbie

Der Walker-Kaiser

Posted
Posted

That may well be but tough shit! Take me to court!  :cool:

 

Or we could just ban you.

You could do but there's more chance of me becoming the next Pope............

Actually the chances of you being banned are becoming increasingly more promising.

 

 

Good. Bring it on. However, you need to give me three reasons why i'm being banned.....

Link to comment
Share on other sites
ford1001 Newbie

ford1001

Posted
Posted

That may well be but tough shit! Take me to court!  :cool:

 

Or we could just ban you.

You could do but there's more chance of me becoming the next Pope............

Actually the chances of you being banned are becoming increasingly more promising.

 

 

Good. Bring it on. However, you need to give me three reasons why i'm being banned.....

 

well

1. he is admin

2. you are a pain

3. he owns the site

Link to comment
Share on other sites
ford1001 Newbie

ford1001

Posted
Posted

I heavily rely on my Gmail account too, as do many other people across the globe, as well as organisations and educational services (in the UK at least).

Same here in australia, it is what the government gives us when we start school for school emails/internet login

Link to comment
Share on other sites
Scotteh Newbie

Scotteh

Posted
Posted

Good. Bring it on. However, you need to give me three reasons why i'm being banned.....

 

Easy.

 

1. Racist Remarks.

2. A lot of profanity being rude.

3. Provoking staff/trolling.

Link to comment
Share on other sites
Der Walker-Kaiser Newbie

Der Walker-Kaiser

Posted
Posted

That may well be but tough shit! Take me to court!  :cool:

 

Or we could just ban you.

You could do but there's more chance of me becoming the next Pope............

Actually the chances of you being banned are becoming increasingly more promising.

 

 

Good. Bring it on. However, you need to give me three reasons why i'm being banned.....

 

well

1. he is admin

2. you are a pain

3. he owns the site

 

1. and?

2. your opinion (which is wrong!)

3. so does luke

 

 

 

Good. Bring it on. However, you need to give me three reasons why i'm being banned.....

 

Easy.

 

1. Racist Remarks.

2. A lot of profanity being rude.

3. Provoking staff/trolling.

 

1. it's not racist - you've seen the news - it's a fact of life.

2. it's not being rude it's being truthful

3. it's not provoking, you replied - your problem!

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

Our Network

Quick Links

About Us

Prodjex is a Kansas City web development company that provides end-to-end web development services for all things web related. Founded in 2017, we’ve grown quickly and provide web consulting services to clients not only in Kansas City, but across the US.

×
×
  • Create New...