Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?
Take advantage of Black Friday with 15% off sitewide with coupon code "BLACKFRIDAY" on Slashdot Deals (some exclusions apply)". ×

Submission + - Turkish CA Issues Fraudulent Certificate for (

wiredmikey writes: Google said that late on Christmas Eve, they detected and blocked an unauthorized digital certificate that was created for the "*" domain that was linked back to Turkish certificate authority, TURKTRUST.

“TURKTRUST told us that based on our information, they discovered that in August 2011 they had mistakenly issued two intermediate CA certificates to organizations that should have instead received regular SSL certificates,” Adam Langley, Software Engineer at Google wrote in a blog post on Thursday.

Microsoft on Thursday issued a security advisory on the incident and took measures to protect customers.

Because Intermediate CA certificates have the full authority of the CA, an attacker could use it to create a certificate for any website they want to impersonate. “The fraudulent certificate could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against several Google web properties,” Microsoft’s advisory said. “This issue affects all supported releases of Microsoft Windows.”

Google said that it may also take additional action after looking into the issue further.

This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Turkish CA Issues Fraudulent Certificate for

Comments Filter:

"Spock, did you see the looks on their faces?" "Yes, Captain, a sort of vacant contentment."