Google found Fake Digital Certificates issued by NIC

Share it:
Google SSL, Fake SSL, Google Fake SSL
Earlier this Wednesday, Google Security team have found unauthorized digital certificates in many of Google domains which are issued by National Informatics Centre (NIC) of India NIC provides intermediate CA certificates authenticated by the Indian Controller of Certifying Authorities (India CCA).

The SSL certificate which are issued by the Trusted Certificate Authorities build a trust among the users or visitors on the applied sites. SSL encrypts all the transmission of data and makes it secure from the potential harm.

The use of fake digital certificates results in serious security and privacy issues which could allows attacker to read and spy from the encrypted network.

However, the major concern is many western companies use intermediate Certificates, issued by India CCA. Even Microsoft also operates many window programs including IE and Chrome browser with intermediate certificates. However, Firefox use its own root certificate hence it is not affected with these fake certificates.

Google security engineer Mr. Adam Langley said,
“We are not aware of any other root stores that include the India CCA certificates, thus Chrome on other operating systems, Chrome OS, Android, iOS and OS X are not affected. Additionally, Chrome on Windows would not have accepted the certificates for Google sites because of public-key pinning, although mis-issued certificates for other sites may exist.”

Google have notified NIC India, Microsoft and  CCA about the fake certificate issue and blocked these certificates in chrome using a CRLSet push. CRLSet is a function in chrome that can block any fake certificates.

India CCA is now investing the cause behind issuance of unauthorized intermediate certificates. Google also upgraded its SSL certificates from 1024-bit to 2048-bit RSA to make them more secure
Share it:

Google

News

Security

Post A Comment:

0 comments:

Follow by Email