Errant Google Domain Traced To CA's Mistakes
Certificate authority Turktrust details internal errors that led to phony digital certificates.
Turns out the phony Google.com digital certificate that sounded alarms among browser vendors and security experts Thursday came out of a series of missteps by the Turkish certificate authority (CA) and may have only affected users at a Turkish government agency.
A convoluted series of unfortunate events within CA Turktrust led to the existence of a legit-appearing Google domain and the potential for some serious fraud via man-in-the-middle attacks, prompting Google, Firefox and Microsoft all to block the "*.google.com" domain.
The anomalous domain was not the result of a data breach, according to Turktrust, which mistakenly issued two certificates that ultimately led to the phony Google one. Turktrust traced the incident back to a 2011 audit that required a software migration and moving certificate profiles between a production system and a test system....