Fraudulent digital certificate for Google web properties used in active attacks
Posted on 03 January 2013.
A fraudulent digital certificate that could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against several Google web properties has been discovered by the Google Chrome Security Team.

Microsoft has been immediately notified of the matter and has moved to update its Certificate Trust list (CTL) and all its supported releases of Windows in order to remove the trust of that and two other certificates, as it appears that active attacks using the first certificates have been detected.

"TURKTRUST Inc. incorrectly created two subsidiary CAs (*.EGO.GOV.TR and e-islam.kktcmerkezbankasi.org). The *.EGO.GOV.TR subsidiary CA was then used to issue a fraudulent digital certificate to *.google.com," they explained in a security advisory.

Users who don't have the automatic updater of revoked certificates enabled are advised to download and apply the latest system update, while Windows 8, Windows RT, Windows Server 2012, and Windows Phone 8 users needn't worry about that - their CTL will be updated automatically.






Spotlight

Patching: The least understood line of defense

Posted on 29 August 2014.  |  How many end users, indeed how many IT pros, truly get patching? Sure, many of us see Windows install updates when we shut down our PC and think all is well. Itís not.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Tue, Sep 2nd
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //