SecurityTube

Fake Turkish site certs create threat of bogus Google sites

JB

Google and Microsoft revealed today that a certificate authority based in Turkey "mistakenly" issued security certificates last month, and that a recipient of one of the e-documents in turn created a bogus certificate that could let it impersonate various Google sites.

According to a blog post by Google engineer Adam Langley, Chrome detected and blocked an unauthorized security certificate for the domain "*.google.com" on December 24. After blocking the certificate, Langley said, Google investigated and determined the certificate came from an intermediate certificate authority that linked back to the Turkish certificate authority TurkTrust.

Fraudulent certificates -- or e-documents used to verify Web site authenticity -- are no joke, since they can be used to perform phishing attacks, man-in-the-middle attacks, or to spoof content.