Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

TURKTRUST Officials Say No Evidence of Malice in Certificate Incident

Trailrunner7 (1100399) writes | about a year ago

Security 0

Trailrunner7 (1100399) writes "A week after the disclosure of the existence of a fraudulent certificate for Google domains that resulted from the mistaken issuance of a subordinate certificate by a Turkish certificate authority, officials at TURKTRUST are continuing to defend their actions in response to the incident, and say that there is "no evidence of any attack or hacking attempt on our system".

The TURKTRUST incident came to light last week after Google officials said that Chrome had identified the fraudulent Google certificate and, after investigating the source of it, found that it was generated by a subordinate certificate that TURKTRUST had issued to an agency related to the government of Turkey's capital city, Ankara. Initial concerns in the security community were that the TURKTRUST system had been compromised, either through an external attack or the actions of a malicious insider.

However, TURKTRUST officials quickly came out publicly, saying that the company in 2011 had mistakenly issued two subordinate certificates--one to a bank and the other to the government-affiliated agency. The first certificate was revoked quickly at the request of the customer and the other one was installed on a Web server as part of a webmail deployment. It was used as a normal SSL certificate for some time until early December when it was exported to to a firewall and later was used to generate a certificate for *.google.com."

Link to Original Source

0 comment

Check for New Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account