Wayward security certificates raise question of SSL reliability

JMH · Jan 5, 2013

As consumers, we've been taught to trust the padlock icon that appears on the address bar of our browsers. We're told it's a sign our communication with a website is safe. But an incident this week involving Google and a Turkish security company belies that notion.

The company, TurkTrust, revealed this week that in August 2011 it accidentally issued to two master keys to two "entities." Master keys, which are called intermediate certificates, allow the entities to create digital certificates for any domain on the Internet.

Digital certificates are actually encryption keys used to verify a website is what it says it is. The certificate for your bank, for example, verifies to your browser that you're actually talking to your bank when you do online banking.

Wayward security certificates raise question of SSL reliability | PCWorld

Corrine · Jan 5, 2013

Information about the resultant Microsoft Security Advisory: Security Advisory 2798897 Released, Certificate Trust List Updated.

Wayward security certificates raise question of SSL reliability

JMH

Emeritus, Contributor

Corrine

Administrator,
Microsoft MVP,
Security Analyst

Wayward security certificates raise question of SSL reliability

JMH

Emeritus, Contributor

Corrine

Administrator, Microsoft MVP, Security Analyst

Administrator,
Microsoft MVP,
Security Analyst