Trailrunner7 (1100399) writes "A week after the disclosure of the existence of a fraudulent certificate for Google domains that resulted from the mistaken issuance of a subordinate certificate by a Turkish certificate authority, officials at TURKTRUST are continuing to defend their actions in response to the incident, and say that there is "no evidence of any attack or hacking attempt on our system".
The TURKTRUST incident came to light last week after Google officials said that Chrome had identified the fraudulent Google certificate and, after investigating the source of it, found that it was generated by a subordinate certificate that TURKTRUST had issued to an agency related to the government of Turkey's capital city, Ankara. Initial concerns in the security community were that the TURKTRUST system had been compromised, either through an external attack or the actions of a malicious insider.
However, TURKTRUST officials quickly came out publicly, saying that the company in 2011 had mistakenly issued two subordinate certificates--one to a bank and the other to the government-affiliated agency. The first certificate was revoked quickly at the request of the customer and the other one was installed on a Web server as part of a webmail deployment. It was used as a normal SSL certificate for some time until early December when it was exported to to a firewall and later was used to generate a certificate for *.google.com."
Link to Original Source