Fraudulent Cert for Google Domains Found After Mistake by..

by Carol~ Moderator - 1/3/13 1:15 PM

In Reply to: NEWS - January 03, 2013 by Carol~ Moderator

... Turkish CA

Google has pushed out an update that blocks an intermediate digital certificate for *.google.com after discovering that a Turkish certificate authority had mistakenly issued intermediate certificates to two organizations that should only have gotten normal SSL certificates. That error gave those two organizations the power to issue certificates that carried the same authority as the CA itself and allowed one of the organizations to issue the fraudulent wild card certificate for Google. One of the groups that obtained the intermediate certificate is a Turkish government agency.

The problem was discovered by Google security personnel just before Christmas and the Google team quickly found that it was a Turkish CA named TURKTRUST that had issued the intermediate certificate. That mistake essentially granted the company with the intermediate certificate the ability to issue certificates for any domain it chose.

"In response, we updated Chrome's certificate revocation metadata on December 25 to block that intermediate CA, and then alerted TURKTRUST and other browser vendors. TURKTRUST told us that based on our information, they discovered that in August 2011 they had mistakenly issued two intermediate CA certificates to organizations that should have instead received regular SSL certificates. On December 26, we pushed another Chrome metadata update to block the second mistaken CA certificate and informed the other browser vendors," Google's Adam Langley wrote in an analysis of the episode.

Continued : https://threatpost.com/en_us/blogs/fraudulent-certificate-google-domains-found-after-mistake-turkish-ca-010313

Related: Security Advisory 2798897 (Certificate Trust List Updated)

Also: Google, Microsoft, and Mozilla revoke two fraudulent Turkish certificates used in targeted attacks