Security
Linux kernel archives host compromised by attacker
- Thursday, 01 September 2011 07:14
The Linux kernel archive website, which is located at kernel.org, was compromised by attackers last month. According to a statement posted yesterday on the website, unauthorized parties successfully seized root access to several kernel.org servers and planted a trojan. The site hosts the source code of the Linux kernel, and a number of other projects.
The intrusion was reported to kernel.org users earlier this week by site administrator John Hawley. The attack is believed to have occurred on August 12 but wasn't detected until August 28. The attack vector isn't known for certain, but it is thought that the attacker somehow obtained a legitimate user's login credentials and then exploited an unknown privilege escalation vulnerability. The attack was discovered when an Xnest error message was found in the system logs on a server that did not have Xnest installed.
Another fraudulent certificate raises the same old questions about certificate authorities
- Monday, 29 August 2011 21:12
Earlier this year, an Iranian hacker broke into servers belonging to a reseller for certificate authority Comodo and issued himself a range of certificates for sites including Gmail, Hotmail, and Yahoo! Mail. With these certificates, he could eavesdrop on users of those mail providers, even if they use SSL to protect their mail sessions.
It's happened again. This time, Dutch certificate authority DigiNotar has issued a fraudulent certificate for google.com and all subdomains. As before, Gmail appears to be the target. The perpetrator also appears to be Iranian, with reports that the certificate has been used in the wild for man-in-the-middle attacks in that country. The certificate was issued on July 10th, and so could have been in use for several weeks prior to its discovery.
DigiNotar has revoked the certificate, which provides some protection to users (though many applications do not bother checking for revocations). However, the company has so far not disclosed how the certificate was issued in the first place, making it unclear whether its integrity has been restored. As a result, Google and Mozilla have both made patches to Chrome and Firefox respectively that blacklist the entire certificate authority.
DigiNotar's silence also means that little is known about the perpetrator. Responsibility for the Comodo hack was claimed by a person who described himself as an Iranian sympathetic with, but independent of, the country's government. This latest hack could just as well be another independent effort, or a government action.
The absolute trust given to certificate authorities, and the susceptibility of that trust to abuse, has long been considered a problem. We wrote about the problem in March, and there has been no material improvement in the situation since then. The certificate authorities remain a weak link in the entire public key infrastructure, and though cryptographic systems can be created that reduce this possibility, the scheme we have remains firmly entrenched, regardless of its flaws.
Nokia developer forum hacked and defaced in antisec attack
- Monday, 29 August 2011 15:26
Nokia has issued a statement confirming that the security of its developer forum website was compromised by an attacker who successfully obtained a database table with user account information. Nokia has taken down its developer community site while it conducts further analysis. The attack exploited a SQL injection vulnerability in the website's forum software.
The statement issued by Nokia indicates that the attackers gained more account records than the company initially believed, but that the information was not particularly sensitive in nature. The breached data includes user e-mail addresses and public profile information, but apparently not passwords or password hashes.
Nokia says that only 7 percent of the forum users had supplied profile information, which may include instant messaging usernames and date of birth. The only material threat posed to individual users, according to Nokia, is unsolicited e-mail. The company apologized for the incident and sent out messages to inform users.
The Nokia developer community website was also defaced—changed to display a picture of cartoon character Homer Simpson and a message indicating that the site was "Owned by pr0tect0r AKA mrNRG." It also had a text marquee that chastised Nokia for its lax Web security and warned that the company could be a future antisec target if it doesn't seek to improve. The end of the message says that there will be no "dumping" or leaking, suggesting that the attacker doesn't intend to publish the compromised data.
The individual or group that identifies itself as "pr0tect0r" is also connected with a recent attack against Defense.pk, an independent news and forum website that discusses Pakistan's military.
The attack is an embarrassment for Nokia, but doesn't appear to pose any major threats to the users of the company's developer community site. The situation would have been worse if the target was one of Nokia's more sensitive sites—such as Nokia's Ovi Store, which keeps credit card information on file.
More Bitcoin malware: this one uses your GPU for mining
- Wednesday, 17 August 2011 18:00
Security researchers have spotted a new strain of malware that targets Bitcoin, the peer-to-peer virtual currency that exploded onto the tech scene earlier this year. In a report issued last week, Symantec researchers described a Trojan that uses the user's computer to mine Bitcoins on behalf of the intruder. They estimate that, at current exchange rates, a fast computer could generate as much as $150 worth of Bitcoins per month.
This is not the first Bitcoin-related malware spotted in the wild. In June, security researchers discovered malware that acts as a virtual pickpocket, scanning an infected computer for Bitcoin wallets and sending their contents to the attacker. There have also been previous reports of Bitcoin-mining malware, but estimates had suggested that most botnet owners would make more money renting their machines out for other uses.
Serious security holes found in Siemens control systems targeted by Stuxnet
- Wednesday, 03 August 2011 18:35
Operation Shady RAT: five-year hack attack hit 14 countries
- Wednesday, 03 August 2011 15:10
The governments of the United States, Canada, and South Korea, as well as the UN, the International Olympic Committee, and 12 US defense contractors were among those hacked in a five-year hacking campaign dubbed "Operation Shady RAT" by security firm McAfee, which revealed the attacks. Many of the penetrations were long-term, with 19 intrusions lasting more than a year, and five lasting more than two. Targets were found in 14 different countries, across North America, Europe, India, and East Asia.
The infiltration was discovered when McAfee came across a command-and-control server, used by the hackers for directing the remote administration tools—"RATs," hence the name "Operation Shady RAT"—installed in the victim organizations, during the course of an investigation of break-ins at defense contractors. The server was originally detected in 2009; McAfee began its analysis of the server in March this year. On the machine the company found extensive logs of the attacks that had been performed. Seventy-two organizations were positively identified from this information; the company warns that there were likely other victims, but there was not sufficient information to determine what they were.
Internet abuzz with claims that UK police picked up the wrong Topiary
- Thursday, 28 July 2011 17:48
The Metropolitan Police claimed yesterday that they had arrested prominent Lulz Security and AnonOps member Topiary. The initial report claimed that a 19-year-old man was arrested in the Shetland Islands and was being flown down to London for questioning. That report has now been adjusted, saying that he was in fact an 18-year-old man. But there's a lot of speculation—some rather bombastic, others more reserved—that, however old this man actually is, there's one thing he isn't: Topiary.
Attempts to dox people—find out their real identities and publish their "documents" on the Web—have long been a tool in Anonymous' arsenal. Many people, whether they be animal abusers who've posted videos to YouTube or Sony executives and their families, have found themselves doxed after provoking Anonymous' wrath. Turnabout is fair play, and so many groups who oppose Anonymous, and its high-profile spin-off, Lulz Security, have attempted to dox members of that collective.
Key LulzSec figure nabbed as new attack on PayPal launched
- Wednesday, 27 July 2011 11:52
Anonymous has resumed its fight with PayPal, but this time with a twist: instead of engaging in more denial-of-service attacks against the online payment processor, the group is exhorting its supporters to close their PayPal accounts and cease using the service. This new OpPayPal comes in the wake of arrests the FBI announced last week that were made in response to the large denial of service attacks made against PayPal after PayPal stopped processing donations to WikiLeaks.
The statement issued by Anonymous denounces PayPal for acquiescing to government pressure and blocking payments to WikiLeaks. The statement also expresses the group's outrage that the FBI has arrested suspected criminals, who face the possibility of 15 years in prison and fines of up to $500,000. As punishment for this Anonymous-unapproved action, the statement encourages everyone to use alternative services to PayPal, close their PayPal accounts, and post pictures of the closures to Twitter. Those who can't close their accounts for any reason are invited to complain to the company instead.
Reports on Twitter of account closures in response to Anonymous' boycott number in the hundreds, and Anonymous itself is claiming that some 35,000 accounts have been closed. eBay, owner of PayPal, saw its share price drop by around 2 percent when the markets opened this morning, and Anonymous is taking credit for this decline. However, given that the NASDAQ as a whole has dropped by about 1.8 points at the time of writing, this fall in price looks more likely to be a reflection of prevailing market trends, rather than any specific response to the PayPal boycott.
Meanwhile, the arrests have continued. The Metropolitan Police in the UK are claiming to have arrested Topiary, a key player in both AnonOps and Lulz Security. The report says that a 19-year-old male was arrested in the Shetland Islands as part of a continuing investigation into the denial-of-service and hacking attacks made under both the Lulz Security and Anonymous banners. Other addresses in the north of England are being searched, and a 17-year-old male is also being interviewed in connection with the inquiry.