Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Assuming this certificate stuff is legit, how do we know this is being done by Iran? What makes anyone think this is Iran?


The claims reported in various places suggest that people in Iran have actively observed this certificate used in MITM attacks on gmail connections. No hard evidence yet, and no idea what original source people keep repeating (possibly the pastebin itself).


It's weird, isn't it? From zero to accepted fact on the basis of some guys assumption mentioned in the title of a pastebin dump. The only other original source I've been able to find is this:

http://www.google.com/support/forum/p/gmail/thread?tid=2da61...

He even invokes the Comodo incident, which as we know turned out to be the work of a single individual and NOT Iran.

Propaganda spreads quickly, even in the HN circle where people usually pride themselves on requiring evidence as a prerequisite to belief.


This is perhaps the earliest-dated public indication of the attack: https://www.google.com/support/forum/p/gmail/thread?tid=2da6...

Hi, Today, when I trid to login to my Gmail account I saw a certificate warning in Chrome . I took a screenshot and I saved certificate to a file .

this is the certificate file with screenshot in a zip file: http://www.mediafire.com/?rrklb17slctityb

and this is text of decoded fake certificate: http://pastebin.com/ff7Yg663

when I used a vpn I didn't see any warning ! I think my ISP or my government did this attack (because I live in Iran and you may hear something about the story of Comodo hacker!)




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: