Turkish fake site certs threatens to create fake Google sites


Google and Microsoft today revealed that the certification authority based in Turkey "by mistake" security certificates issued last month, and the recipient of one of electronic documents, in turn, created a certificate that can could pass the various Google sites.

According to a blog post by Google engineer Adam Langley, Chrome detected and blocked a Security Certificate not authorized for the domain "*. Google.com" on December 24. After blocking the certificate, Langley said, Google studied and determined the certificate from a certification authority through which connects back to the Turkish TurkTrust CA.

- Certificates or fraudulent e-documents used to verify the authenticity of the website - not a joke, because they can be used to perform phishing attacks, man-in-the-middle attacks or impersonate content.After Google warned TurkTrust and other browser vendors, TurkTrust said he had wrongly issued two intermediate certificates in August 2011 to organizations that have received standard SSL certificates.

Microsoft wrote in his blog post security advisory competitor that also blocked certificates TurkTrust. "TurkTrust evil created two subsidiaries: certification authorities. (*. EGO.GOV.TR and e-islam.kktcmerkezbankasi.org) The subsidiary EGO.GOV.TR * CA was then used to issue a digital certificate fraudulent google * com ..., "the company wrote.

People who use Windows Vista or later will not have to take action, Microsoft said, since they installed the certificate trust list of last June. Windows 8, Windows RT, Windows Server 2012, and the devices running Windows Phone 8 will be automatically protected.

Langley added that Google shares last month has solved the problem of the immediate safety for Chrome users, but the company will update the browser again in January to withdraw the status of Extended Validation certificates for TurkTrust .

He concluded by warning that it is possible Google "may also decide to take additional measures after discussion and careful consideration."

Mozilla has revoked the trust certificates for both TurkTrust and suspended the inclusion of the root certificate TurkTrust, pending further review.
Related Posts Plugin for WordPress, Blogger...
 

Copyright © trends ksr Design by Trends | Blogger Theme by Trends | Powered by VenkatSiva

google-site-verification: google275ce468b0c3e392.html