NNSquad - Network Neutrality Squad
[ NNSquad ] Unauthorized digital certificates detected by Google
Unauthorized digital certificates detected by Google
http://j.mp/1daroQZ (Google Online Security Blog)
"Late on December 3rd, we became aware of unauthorized digital
certificates for several Google domains. We investigated immediately
and found the certificate was issued by an intermediate certificate
authority (CA) linking back to ANSSI, a French certificate authority.
Intermediate CA certificates carry the full authority of the CA, so
anyone who has one can use it to create a certificate for any website
they wish to impersonate. In response, we updated Chrome's
certificate revocation metadata immediately to block that intermediate
CA, and then alerted ANSSI and other browser vendors. Our actions
addressed the immediate problem for our users ..."
- - -
Another sign of the rotting Public Key Infrastructure that forces
Google and other innocent parties to pick up after the PKI's mess with
increasing frequency.
--Lauren--
Lauren Weinstein (lauren@vortex.com): http://www.vortex.com/lauren
Co-Founder: People For Internet Responsibility: http://www.pfir.org/pfir-info
Founder:
- Network Neutrality Squad: http://www.nnsquad.org
- PRIVACY Forum: http://www.vortex.com/privacy-info
Member: ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com
Google+: http://google.com/+LaurenWeinstein
Twitter: http://twitter.com/laurenweinstein
Tel: +1 (818) 225-2800 / Skype: vortex.com
_______________________________________________
nnsquad mailing list
http://lists.nnsquad.org/mailman/listinfo/nnsquad