1. Are you ready for the Galaxy S20? Here is everything we know so far!

Google certificate and phishing...a gentle warning.

Discussion in 'Computers' started by RiverOfIce, Aug 30, 2011.

  1. RiverOfIce

    Thread Starter

    Fraudulent Google credential found in the wild ? The Register

    We have all seen this before, by now. So I have that urge to remind people never give out information to anyone but the person how you are doing business with. If it is not the website directly, don't give the information.

    And please remember to use 2 step verification, I know it is a pain in the butt, but it will stop you from being hacked, I promise.

    If you don't know what 2 step verification is, click the link.
    How it works - Accounts Help

    It will make you more or less bullet proof.

    *edit, just watch the video, quick correction. If you are using application specific password, you need to use the same password on every device. For example, you will need to use the same password for the same account that works on you phone, tablet, and pc. When you change that passwords, you will need to change the password for every device you change. So keep the "one time password" around until you used it on all of your devices.

    Casual Pete and alostpacket like this.

    1. Download the Forums for Android™ app!


  2. alostpacket

    alostpacket Over Macho Grande?

    Yeah I saw this too.

    You can also revoke these CAs yourself in FF:

    In FF Tools -> Options -> advanced -> encryption -> view certificates

    then delete or distrust or edit and uncheck all the boxes.

    I ended up removing like 5

    1) the source of this article (DigiNotar)

    2) the CHINESE GOVERNMENT <- wtf (shows as CNNIC or something)

    3-5) 3 Turkish CAs because they are in the middle of a coup and I don't really want to visit a website authorized by a country I don't trust.

    It was an enlightening experience. I may remove more even.
    RiverOfIce likes this.
  3. RiverOfIce

    Thread Starter

    I had no clue about that, thank you for showing me that. Someone needs to make a certificate cleaner plug in, because that is a great way to track someone.
  4. 9to5cynic

    9to5cynic Android Expert

    I read on Ars that (if your fake certs are the ones from the iranians) Firefox and Chrome have black listed the entire registrar.

    Well, it was a few days ago, and I didn't read it carefully.... :O ;)
  5. starxpilot

    starxpilot Android Enthusiast

    I can't access the link, the first one.

    Mind giving me an idea of which ones I should remove?
  6. Casual Pete

    Casual Pete Android Enthusiast

    Hadn't heard of 2 step verification before reading this,have it all set up now so thanks for the heads up.

Share This Page