What have you always wondered about the economy? Tell Us

Bad guys grabbed a key to Google

Molly Wood Aug 31, 2011
HTML EMBED:
COPY

Bad guys grabbed a key to Google

Molly Wood Aug 31, 2011
HTML EMBED:
COPY

If I say “there’s a forged Google certificate loose in the world,” you probably wouldn’t think much of it. How about this: bad guys have a new way in to hack your Gmail, your Google+, Documents and anything Google. Yeah, that’s a little more eye-opening.

Hackers apparently broke into the network of DigiNotar, a Dutch company that provides verification certificates for websites. The hackers were then able to create fake Google certificates that allowed them to make what are called “man-in-the-middle attacks,” where the hackers slip in between you and the website you’re trying to reach.

Why? Chester Wisniewski of the security firm Sophos tells us, “In this case, the reason you’d make a fake one would be to intercept communications to see what (people are) saying privately like in their Gmail or their instant messaging. The certificate that was discovered was discovered by a gentleman in Iran, so it could be used by the government who wants to spy on people’s activities, or it could be used by people who want to commit ID theft or recover secret documents from your Google Docs repository.”

It’s essentially like someone broke into a locksmith’s shop and made a bunch of keys to Google.

This fake Google certificate is worrisome, but for people like Chris Soghoian, it’s not especially surprising. He’s a privacy and security researcher and graduate fellow at The Center for Applied Cybersecurity Research at Indiana University. He says, “The certificate system is hopelessly broken. We have far too many companies who are in a position to create these certificates. And unfortunately, we have a situation where we’re vulnerable to essentially the weakest link. If one certificate authority has bad security, then they can issue sites for Gmail or Yahoo or Bank of America and consumers can and will have their communications hijacked as a result.”

As for what you can do about it, Soghoian says to make sure you’re always running the latest update of your browser. Generally if the browser companies know about a problem like this, they can stop it with an update, but you have to do your part.

Also in this program, HP killed its TouchPad because no one was buying it. Then after they killed it, everyone started buying it. So now they’re bringing it back for one more run. Then they plan to kill it again. Presumably to drive up demand. Before bringing it back. And then killing it.

Marketplace is on a mission.

We believe Main Street matters as much as Wall Street, economic news is made relevant and real through human stories, and a touch of humor helps enliven topics you might typically find…well, dull.

Through the signature style that only Marketplace can deliver, we’re on a mission to raise the economic intelligence of the country—but we don’t do it alone. We count on listeners and readers like you to keep this public service free and accessible to all. Will you become a partner in our mission today?

Your donation is critical to the future of public service journalism. Support our work today – for as little as $5 – and help us keep making people smarter.