TR TurkTrust 2012 Technical Error (Q13707)
From Open Risk Manual
A data breach risk event
| Language | Label | Description | Also known as |
|---|---|---|---|
| English | TR TurkTrust 2012 Technical Error |
A data breach risk event |
Statements
6F33C831-FD34-4875-ADBB-C5AD1A9ED2A0
January 2012
0 references
A Turkish certificate authority mistakenly issued two intermediate CA certificates to untrusted users, giving them the power to create a certificate for any domain. For the third time in two years, an incident at one of the hundreds of certificate authorities that underpin the security of the Internet allowed a groupor in this case, a machinethe ability to pose as a legitimate online service provider. In a statement posted Jan. 3, Google announced that its Chrome browser detected and blocked an unauthorized digital certificate for its domain Dec. 24. The online services giant provided few details, but tracked the certificate back to a legitimate provider of digital encryption and certificate products, TurkTrust. Google updated its Chrome browser to revoke the two powerful certificates tha (English)
