Dear all. First of all, want to ask that you update the system of your web browser and OS as fast as possible. 1. OS update - Windows: http://update.microsoft.com/microsoftupdate - Macintosh: Run "Software Update". 2. Web Browser - Internet Explorer includes OS update, so please carry out it. - Firefox: Click "Check for Update" in the Help upper menu. - Google Chrome: You don't need to do anything. Because this browser has the full automatic system for the update. By this critical security vulnerability, even if you have the high-level technical skill, it is very difficult that you detect the password stealing attack. [Influence] It is influenced in SSL services of the following sites. SSL is encryption system, and the aim is for the protection of private information, like E-mail, online shopping, bank, and so on. - Google - Yahoo - Hotmail - Skype - Firefox Add-on Site - Global Trustee For example, when you access to the Gmail site (https://gmail.com), can you judge that the site is a real thing? Normally, the site validness is guarantees by the public SSL certificate authority , but in this time, the authority was hacked due to the system operator's password's leaking. The attacker can fake up the above web site by using the stealing SSL certification.Even if you input ID and password in Gmail, the site may be fake and may be stolen your password. The countermeasure is that you use the latest version of web browser. News: http://www.thehackernews.com/2011/03/iran-hackers-targets-gmail-and-skype.html March 25, 2011: Information Processing Office: Kitani
Announcement of critical information security issue due to the illegal access of SSL certificate authority