Google is going on the offensive, advising its Iranian users to change their email passwords to avoid falling victim to online attacks.
The news comes after the massive DigiNotar breach on July 19, during which an Iranian hacker stole a Google authentication certificate from DigiNotar, a Dutch certificate authority (CA).
The theft allowed the hacker to set up fraudulent Web pages under a legitimate Google domain name, and in turn harvest the personal information from any visitors to his spoofed sites.
"We learned last week that the compromise of a Dutch company involved with verifying the authenticity of websites could have put the Internet communications of many Iranians at risk, including their Gmail," Eric Grosse, Google's VP of security engineering, wrote on a company blog.
The Iranian perpetrator, who calls himself "Comodohacker," also claims to have stolen certificates for 531 sites, including Facebook, Skype, Mozilla, Microsoft, Yahoo, Android and Twitter, as well as domains belonging to the CIA and Israel's Mossad.
Better safe than sorry
While its possible Comodohacker hasn't maliciously deployed any of his stolen certificates, Google is playing it safe.
"While Google's internal systems were not compromised, we are directly containing possibly affected users and providing similar information below because our top priority is to protect the privacy and security of our users."
Google recommends Iranian users change their passwords and verify their account recovery options, including secondary email addresses, phone numbers and other information that "can help you regain access to your account if you lose your password."
Users are also urged to review the websites and applications that have access to their accounts, and to revoke any that are unfamiliar, and to check their Gmail settings for " suspicious forwarding addresses or delegated accounts."
Google also warns customers to "pay careful attention to warnings that appear in your Web browser and don't click past them."
Graham Cluley from the security company Sophos points out that Google is prudent in advising Iranian users to take swift action.
"Even if hackers who broke into your Gmail account no longer know your password, there are still things they could have done while they had access to your email which will allow them to continue to monitor your communications," including forwarding your emails to a separate account, Cluley said.
"Take Google's advice seriously and take steps to ensure that your account isn't compromised," Cluley wrote.
Apple, Mozilla take action
In other developments, Apple on Friday finally updated Mac OS X 10.6 Snow Leopard and 10.7 Lion to block certificates signed by DigiNotar.
Apple's Safari browser is embedded so deeply into Mac OS X that patches to Safari involve patching the operating system itself. (The Mac versions of Google Chrome, Mozilla Firefox and Opera have already been patched, as has the Windows version of Safari.)
Unfortunately, Apple is not patching Mac OS X 10.5 Leopard or Mac OS X 10.4 Tiger, which means that users of PowerPC-based Macs – which may be a quarter of all Macs in use – will have to avoid Safari from now on.
And on Thursday, the head of Mozilla's certificate authority program sent a very blunt message to all CAs: Clean up your acts by the end of next week, or we'll revoke your certificates.
"Participation in Mozilla's root program is at our sole discretion, and we will take whatever steps are necessary to keep our users safe," wrote Mozilla executive Kathleen Wilson in a publicly posted email.