Fraudulent digital certificate for Google web properties used in active attacks
Posted on 03 January 2013.
A fraudulent digital certificate that could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against several Google web properties has been discovered by the Google Chrome Security Team.

Microsoft has been immediately notified of the matter and has moved to update its Certificate Trust list (CTL) and all its supported releases of Windows in order to remove the trust of that and two other certificates, as it appears that active attacks using the first certificates have been detected.

"TURKTRUST Inc. incorrectly created two subsidiary CAs (*.EGO.GOV.TR and e-islam.kktcmerkezbankasi.org). The *.EGO.GOV.TR subsidiary CA was then used to issue a fraudulent digital certificate to *.google.com," they explained in a security advisory.

Users who don't have the automatic updater of revoked certificates enabled are advised to download and apply the latest system update, while Windows 8, Windows RT, Windows Server 2012, and Windows Phone 8 users needn't worry about that - their CTL will be updated automatically.






Spotlight

The synergy of hackers and tools at the Black Hat Arsenal

Posted on 27 August 2014.  |  Tucked away from the glamour of the vendor booths and the large presentation rooms filled with rockstar sessions, was the Arsenal - a place where developers were able to present their security tools and grow their community.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Mon, Sep 1st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //