Fraudulent Google credential found in the wild ? The Register We have all seen this before, by now. So I have that urge to remind people never give out information to anyone but the person how you are doing business with. If it is not the website directly, don't give the information. And please remember to use 2 step verification, I know it is a pain in the butt, but it will stop you from being hacked, I promise. If you don't know what 2 step verification is, click the link. How it works - Accounts Help It will make you more or less bullet proof. *edit, just watch the video, quick correction. If you are using application specific password, you need to use the same password on every device. For example, you will need to use the same password for the same account that works on you phone, tablet, and pc. When you change that passwords, you will need to change the password for every device you change. So keep the "one time password" around until you used it on all of your devices.
Yeah I saw this too. You can also revoke these CAs yourself in FF: In FF Tools -> Options -> advanced -> encryption -> view certificates then delete or distrust or edit and uncheck all the boxes. I ended up removing like 5 1) the source of this article (DigiNotar) 2) the CHINESE GOVERNMENT <- wtf (shows as CNNIC or something) 3-5) 3 Turkish CAs because they are in the middle of a coup and I don't really want to visit a website authorized by a country I don't trust. It was an enlightening experience. I may remove more even.
I had no clue about that, thank you for showing me that. Someone needs to make a certificate cleaner plug in, because that is a great way to track someone.
I read on Ars that (if your fake certs are the ones from the iranians) Firefox and Chrome have black listed the entire registrar. Well, it was a few days ago, and I didn't read it carefully.... :O
Hadn't heard of 2 step verification before reading this,have it all set up now so thanks for the heads up.
