ID: IRCNE2013011718
Date: 2013-01-06
According to "computerworld", Google has taken steps to close potential security holes created by a fraudulent certificate for its google.com domain, discovered in late December.
The certificate was erroneously issued by an intermediate certificate authority (CA) linking back to TurkTrust, a Turkish CA.
"Intermediate CA certificates carry the full authority of the CA, so anyone who has one can use it to create a certificate for any website they wish to impersonate," wrote Adam Langley, a Google software engineer, in a blog post Thursday.
Google detected the existence of the certificate on Christmas Eve, updated its Chrome browser the next day to block the intermediate CA and notified TurkTrust and other browser makers about the problem.
TurkTrust then conducted its own investigation and found out that in August 2011 it had mistakenly issued two intermediate CA certificates to organizations that should have instead received regular SSL certificates, according to Langley.
Google then updated Chrome again to block the second CA certificate and again notified other browser vendors.
- 3