Fraudulent digital certificate for Google web properties used in active attacks
Posted on 03 January 2013.
A fraudulent digital certificate that could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against several Google web properties has been discovered by the Google Chrome Security Team.

Microsoft has been immediately notified of the matter and has moved to update its Certificate Trust list (CTL) and all its supported releases of Windows in order to remove the trust of that and two other certificates, as it appears that active attacks using the first certificates have been detected.

"TURKTRUST Inc. incorrectly created two subsidiary CAs (*.EGO.GOV.TR and e-islam.kktcmerkezbankasi.org). The *.EGO.GOV.TR subsidiary CA was then used to issue a fraudulent digital certificate to *.google.com," they explained in a security advisory.

Users who don't have the automatic updater of revoked certificates enabled are advised to download and apply the latest system update, while Windows 8, Windows RT, Windows Server 2012, and Windows Phone 8 users needn't worry about that - their CTL will be updated automatically.






Spotlight

How to talk infosec with kids

Posted on 17 September 2014.  |  It's never too early to talk infosec with kids: you simply need the right story. In fact, as cyber professionals itís our duty to teach ALL the kids in our life about technology. If we are to make an impact, we must remember that children needed to be taught about technology on their terms.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Thu, Sep 18th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //