DigiNotar

January 4, 2012

Arseh Sevom’s 2011 Review

In Arseh Sevom's first ever newsletter (online here), we looked back at some of the highlights from the pages of our website. Those included:
September 7, 2011

Was Your Gmail Account Safe?

More than 300,000 Iranians have had their Gmail accounts compromised. The report by Fox-IT, the security firm hired to investigate the stolen DigiNotar security certificates, makes clear that as early as July 28 the company was aware that falsified security certificates were in use in Iran. This is one month earlier than the first public notice, which was made by a Google Chrome user in Iran. (Read more background information.)

The report, Operation Black Tulip (pdf), states:
They used both known hacker tools as well as software and scripts developed specifically for this task. Some of the software gives an amateurish impression, while some scripts, on the other hand, are very advanced. In at least one script, fingerprints from the hacker are left on purpose, which were also found in the Comodo breach investigation of March 2011.
September 2, 2011

Man in Middle Attacks Dangerous in Iran – Part 2

In Persian

UPDATE: Google and Mozilla have revoked more than 200 security certificates as a result of a hack into the accounts of the certificate authority DigiNotar.

WARNING: Tor, Yahoo, and Mozilla were among the targets.

WHAT THIS MEANS: If you are using Tor software downloaded after July 9, it might be compromised. Users of confirmed versions of Tor should not have been affected. (Read more on the Tor Blog.) If you have not checked the signature of Tor to ensure that it is authentic, now is the time to do so. Instructions are here.

MORE THAN 200 SECURITY CERTIFICATES STOLEN

A few days ago, Arseh Sevom reported on compromised security for users in Iran. It was reported that a security certificate was stolen and was in use in Iran. This certificate was used to access secure communication between users in Iran and Google.
August 30, 2011

Man in the Middle: Google Becomes Dangerous in Iran

It all began with a simple message. An Iranian internet user was trying to connect to Google using the Chrome browser. Strangely enough, his browser flashed a message telling him that the security certificate he was using to access Google was not theirs. The user went to Google’s help forums to follow up on this and an investigation followed which uncovered a secretive, but highly explosive plot: a security firm in the Netherlands, DigiNotar, had seemingly provided a certificate to “someone” in Iran that allowed access to all secure traffic over Google within Iran.

Security bloggers are reporting that the site may have been hacked earlier, in 2009. Screenshots of hacked pages are being shared via the internet. The links to those pages were available as recently as the morning (in Europe) of August 30th.