Google and Microsoft today began warning users about active phishing attacks against Google’s online properties. The two companies said the attacks resulted from a fraudulent digital certificate that was mistakenly issued by a domain registrar run by a Turkish domain registrar. Read More ..
In a blog post published today, Google said that on Dec. 24, 2012, its Chrome Web browser detected and blocked an unauthorized digital certificate for the “*.google.com” domain.
“We investigated immediately and found the certificate was issued by an intermediate certificate authority (CA) linking back to TURKTRUST, a Turkish certificate authority,” wrote Adam Langley, a Google software engineer. “Intermediate CA certificates carry the full authority of the CA, so anyone who has one can use it to create a certificate for any website they wish to impersonate.”