January 6, 2013

Google detects fraudulent website ID certificate threat

The fraudulent website ID certificate would have allowed impersonation of its social media network, Google+

By CBR Staff Writer

Google has detected an unauthorised digital certificate, which has been issued in its name and could have allowed impersonation of its social media network, Google+.

According to the search major, the loophole, which the firm has blocked, involved an exploit of the ID credentials that browsers use to assure a website is who it claims to be. Fake credentials could have been used to create a website that purported to be part of Google+.

TurkTrust, a root certificate authority in Turkey which issues intermediate certificates, said the certificate had been issued by mistake.

Google software engineer Adam Langley said that, in response, the firm updated Chrome’s certificate revocation metadata on December 25 to block the intermediate certificate, and then alerted TURKTRUST and other browser vendors.

"On December 26, we pushed another Chrome metadata update to block the second mistaken CA certificate and informed the other browser vendors," Langley said.

An investigation led by TurkTrust revealed that in August 2011 the firm had issued the wrong security credential twice to organisations that should have instead received regular SSL certificates.

"Our actions addressed the immediate problem for our users," Langley added. "Given the severity of the situation, we will update Chrome again in January to no longer indicate Extended Validation status for certificates issued by TURKTRUST, though connections to TURKTRUST-validated HTTPS servers may continue to be allowed."
