1. Download our Official Android App: Forums for Android!

Google certificate and phishing...a gentle warning.

Discussion in 'Computers' started by RiverOfIce, Aug 30, 2011.

  1. RiverOfIce

    Thread Starter
    Rank:
    None
    Points:
    313
    Posts:
    1,715
    Joined:
    Mar 30, 2010

    Mar 30, 2010
    1,715
    1,254
    313
    In exile
    Fraudulent Google credential found in the wild ? The Register

    We have all seen this before, by now. So I have that urge to remind people never give out information to anyone but the person how you are doing business with. If it is not the website directly, don't give the information.

    And please remember to use 2 step verification, I know it is a pain in the butt, but it will stop you from being hacked, I promise.

    If you don't know what 2 step verification is, click the link.
    How it works - Accounts Help

    It will make you more or less bullet proof.

    *edit, just watch the video, quick correction. If you are using application specific password, you need to use the same password on every device. For example, you will need to use the same password for the same account that works on you phone, tablet, and pc. When you change that passwords, you will need to change the password for every device you change. So keep the "one time password" around until you used it on all of your devices.
     

    Advertisement

    Casual Pete and alostpacket like this.
  2. alostpacket

    alostpacket Over Macho Grande?
    Rank:
    None
    Points:
    513
    Posts:
    7,972
    Joined:
    Nov 29, 2009

    Nov 29, 2009
    7,972
    3,603
    513
    Android App Developer
    NY
    Yeah I saw this too.

    You can also revoke these CAs yourself in FF:

    In FF Tools -> Options -> advanced -> encryption -> view certificates

    then delete or distrust or edit and uncheck all the boxes.

    I ended up removing like 5

    1) the source of this article (DigiNotar)

    2) the CHINESE GOVERNMENT <- wtf (shows as CNNIC or something)

    3-5) 3 Turkish CAs because they are in the middle of a coup and I don't really want to visit a website authorized by a country I don't trust.

    It was an enlightening experience. I may remove more even.
     
    RiverOfIce likes this.
  3. RiverOfIce

    Thread Starter
    Rank:
    None
    Points:
    313
    Posts:
    1,715
    Joined:
    Mar 30, 2010

    Mar 30, 2010
    1,715
    1,254
    313
    In exile
    I had no clue about that, thank you for showing me that. Someone needs to make a certificate cleaner plug in, because that is a great way to track someone.
     
  4. 9to5cynic

    9to5cynic Android Expert
    Rank:
    None
    Points:
    633
    Posts:
    4,873
    Joined:
    Feb 20, 2011

    Feb 20, 2011
    4,873
    1,766
    633
    /home/
    I read on Ars that (if your fake certs are the ones from the iranians) Firefox and Chrome have black listed the entire registrar.

    Well, it was a few days ago, and I didn't read it carefully.... :O ;)
     
  5. starxpilot

    starxpilot Android Enthusiast
    Rank:
    None
    Points:
    98
    Posts:
    536
    Joined:
    Jul 24, 2011

    Jul 24, 2011
    536
    61
    98
    Loss Prevention Agent
    Garland
    I can't access the link, the first one.

    Mind giving me an idea of which ones I should remove?
     
  6. Casual Pete

    Casual Pete Android Enthusiast
    Rank:
    None
    Points:
    78
    Posts:
    546
    Joined:
    Apr 27, 2010

    Apr 27, 2010
    546
    84
    78
    England

    Hadn't heard of 2 step verification before reading this,have it all set up now so thanks for the heads up.
     

Share This Page

Loading...