What's worse than discovering that someone has launched a man-in-the-middle attack against Iranian Google users, silently intercepting everything from email to search results and possibly putting Iranian activists in danger? Discovering that this attack has been active for two months.
This is a wildcard for any of the Google domains," said Roel Schouwenberg, senior malware researcher with Kaspersky Lab, in an email interview Monday.
"[Attackers] could poison DNS, present their site with the fake cert and bingo, they have the user's credentials," said Andrew Storms, director of security operations at nCircle Security.
Mozilla has announced the release of new versions of their browser, mail client and Internet suite in which trust of DigiNotar's root certificate will be revoked.