Google has found that a French government agency is using unauthorized digital certificates for some of its own domains to perform man-in-the-middle attacks on a private network.

Google security engineer Adam Langley described the incident as a "Serious Security breach", which was discovered in early December. The rogue digital certificates had been issued by the French certificate authority ANSSI, which works closely with the French Defense agency.

“In response, we updated Chrome’s certificate revocation metadata immediately to block that intermediate CA, and then alerted ANSSI and other browser vendors. Our actions addressed the immediate problem for our users”

Google has immediately blocked the misused intermediate certificate and updated Chrome’s certificate revocation list to block all dodgy certificates issued by the French authority.

In a statement, ANSSI said that the intermediate CA certificate was used to inspect encrypted traffic with the user's knowledge on a private network with a commercial device, i.e. snooping on its own users’ Internet usage.

According to the agency, the inspection of SSL traffic on their own networks can help organizations prevent data leaks or discover malicious connections initiated by malware.

It could be a critical threat if one such signed certificate were ever to fall into the wrong hands. Microsoft warned that, "An attacker could use these certificates to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against a large number of Google-owned domains, including google.com and youtube.com."

Last year, a Turkish certificate authority called 'Turktrust' was revealed to have issued two subordinate certificates for the domain gmail.com, and these certificates had been used to intercept Gmail users’ traffic.

The NSA is also alleged to have used man-in-the-middle attacks through unauthorized certificates against Google in the past. Google said, "We're now working to bring this extra protection to more users who are not signed in."
France Government used Rogue Google SSL Digital Certificates to Spy on users
Swati Khandelwal, The Hacker News - Wednesday, December 11, 2013
Read more: http://thehackernews.com/2013/12/fake-google-ssl-certificates-made-in.html
2 comments
An interesting way of "misusing" digital certificates. What is going to be next? Hijacking of identities by the means of special encryption keys?
Interesting... Looks like the predictions in the 1981 book by Joel Garreau "Nine Nations of North America" came true. You should read it (If you haven't) it's a great book.