Football Fans: Download the 2012 Schedule App from Google Play!


Go Back   Android Forums > Android Community > The Lounge > Computers & IT
Reload this Page Google certificate and phishing...a gentle warning.
Register Premium All Albums Social Groups Chat Live! Mark Forums Read



Reply
 
LinkBack Thread Tools
Old August 30th, 2011, 12:22 AM   #1 (permalink)
Banned
 
Join Date: Mar 2010
Location: In exile
Posts: 1,716
 
Device(s):
Thanks: 177
Thanked 1,252 Times in 483 Posts
Default Google certificate and phishing...a gentle warning.
Fraudulent Google credential found in the wild ? The Register

We have all seen this before, by now. So I have that urge to remind people never give out information to anyone but the person how you are doing business with. If it is not the website directly, don't give the information.

And please remember to use 2 step verification, I know it is a pain in the butt, but it will stop you from being hacked, I promise.

If you don't know what 2 step verification is, click the link.
How it works - Accounts Help

It will make you more or less bullet proof.

*edit, just watch the video, quick correction. If you are using application specific password, you need to use the same password on every device. For example, you will need to use the same password for the same account that works on you phone, tablet, and pc. When you change that passwords, you will need to change the password for every device you change. So keep the "one time password" around until you used it on all of your devices.

RiverOfIce is offline  
Last edited by RiverOfIce; August 30th, 2011 at 12:27 AM.
Reply With Quote
The Following 2 Users Say Thank You to RiverOfIce For This Useful Post:
alostpacket (August 30th, 2011), Casual Pete (September 6th, 2011)
Sponsors
Old August 30th, 2011, 01:27 PM   #2 (permalink)
Over Macho Grande?
 
alostpacket's Avatar
 
Join Date: Nov 2009
Location: NY
Posts: 7,090
 
Device(s): GalaxyNexus(LTE), NexusOne, OG Droid, GalaxyTab 10.1(LTE), Eris, Logitech Revue (fishtank)
Thanks: 4,164
Thanked 3,126 Times in 1,292 Posts
Default
Yeah I saw this too.

You can also revoke these CAs yourself in FF:

In FF Tools -> Options -> advanced -> encryption -> view certificates

then delete or distrust or edit and uncheck all the boxes.

I ended up removing like 5

1) the source of this article (DigiNotar)

2) the CHINESE GOVERNMENT <- wtf (shows as CNNIC or something)

3-5) 3 Turkish CAs because they are in the middle of a coup and I don't really want to visit a website authorized by a country I don't trust.

It was an enlightening experience. I may remove more even.
alostpacket is offline  
Reply With Quote
The Following User Says Thank You to alostpacket For This Useful Post:
RiverOfIce (August 30th, 2011)
Old August 30th, 2011, 01:54 PM   #3 (permalink)
Banned
 
Join Date: Mar 2010
Location: In exile
Posts: 1,716
 
Device(s):
Thanks: 177
Thanked 1,252 Times in 483 Posts
Default
I had no clue about that, thank you for showing me that. Someone needs to make a certificate cleaner plug in, because that is a great way to track someone.
RiverOfIce is offline  
Reply With Quote
Old September 3rd, 2011, 10:13 PM   #4 (permalink)
Frank Burns Eats Worms!
 
9to5cynic's Avatar
 
Join Date: Feb 2011
Location: Evo Root Forum, Lounge, Forum Games.
Posts: 3,280
 
Device(s): Evo 4G - CleanRom 2.0 (April '12)
Thanks: 1,761
Thanked 1,122 Times in 785 Posts
Send a message via AIM to 9to5cynic
Default
I read on Ars that (if your fake certs are the ones from the iranians) Firefox and Chrome have black listed the entire registrar.

Well, it was a few days ago, and I didn't read it carefully.... :O
9to5cynic is offline  
Reply With Quote
Old September 4th, 2011, 08:02 PM   #5 (permalink)
Member
 
starxpilot's Avatar
 
Join Date: Jul 2011
Location: TF Industries
Posts: 390
 
Device(s): Huawei Ascend M860 (Defunct, coworker bricked the phone by her boot).
Thanks: 34
Thanked 35 Times in 33 Posts
Send a message via MSN to starxpilot Send a message via Yahoo to starxpilot
Default
I can't access the link, the first one.

Mind giving me an idea of which ones I should remove?
starxpilot is offline  
Reply With Quote
Old September 6th, 2011, 10:52 AM   #6 (permalink)
Senior Member
 
Casual Pete's Avatar
 
Join Date: Apr 2010
Location: England
Posts: 535
 
Device(s): HTC Desire -Nexus S -GS2
Thanks: 29
Thanked 87 Times in 72 Posts
Default
Quote:
Originally Posted by RiverOfIce View Post
If you don't know what 2 step verification is, click the link.
How it works - Accounts Help

Hadn't heard of 2 step verification before reading this,have it all set up now so thanks for the heads up.
__________________

Absentem laedit cum ebrio qui litigat


Dropbox Link
Casual Pete is online now  
Reply With Quote
Reply

Bookmarks

« Previous Thread | Next Thread »

Go Back   Android Forums > Android Community > The Lounge > Computers & IT User CP
Reload this Page Google certificate and phishing...a gentle warning.
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT -5. The time now is 03:19 PM.
Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2012, vBulletin Solutions, Inc.
Custom vBulletin Skins by: Relivo

Contact Us - Android Forums - Archive - Top