Flaw could have let attackers steal passwords and data from apparently secure connections to Google sites such as Gmail Security analysts have warned that attackers could have exploited a faked web certificate to eavesdrop on Iranian dissidents using Google sites such as Gmail.