By
updated 3/23/2011 6:40:56 PM ET 2011-03-23T22:40:56

Several security certificates used to authenticate and encrypt Web sessions have been found to be fraudulent, and could be deployed to trick users out of personal information on high-profile websites including Google, Yahoo and Skype.

Microsoft issued a statement Wednesday warning that a researcher had found nine corrupted secure sockets layer (SSL) certificates that could allow an attacker to “spoof content, perform phishing attacks or perform man-in-the-middle attacks against all Web browser users, including users of Internet Explorer.”

Secure Sockets Layer is an encryption protocol to ensure secure Internet connections. By using a fraudulent SSL certificate, an attacker can gain access to sensitive information from a website by posing as a legitimate third party.

The nine corrupted security certificates were issued by a hacker who used a stolen user name and password to access a server of the New Jersey-based IT firm Comodo, security firm Kaspersky Lab reported. Comodo said the attack was traced back to an IP address in Iran.

Comodo wrote on its website that it is possible the perpetrators had political motives to carry out the attacks.

“It does not escape notice that the domains targeted would be of greatest use to a government attempting surveillance of Internet use by dissident groups,” Comodo wrote.

Both Mozilla and Google Chrome have issued updates to recognize and automatically block the phony SSL certificates. Microsoft has issued a security update for all versions of Windows to address the problem.

Independent security researcher Jacob Appelbaum, who goes by the online handle “ioerror,” discovered the phony SSL certificates. Currently working for the University of Washington, Appelbaum has in the past been targeted by U.S. law enforcement agencies for his involvement with WikiLeaks.

© 2012 SecurityNewsDaily. All rights reserved

Discuss:

Discussion comments

,

Most active discussions

  1. votes comments
  2. votes comments
  3. votes comments
  4. votes comments