As consumers, we've been taught to trust the padlock icon that appears on the address bar of our browsers. We're told it's a sign our communication with a website is safe. But an incident this week involving Google and a Turkish security company belies that notion.
The company, TurkTrust, revealed this week
that in August 2011 it accidentally issued to two master keys to two "entities." Master keys, which are called intermediate certificates, allow the entities to create digital certificates for any domain on the Internet.
Digital certificates are actually encryption keys used to verify a website is what it says it is. The certificate for your bank, for example, verifies to your browser that you're actually talking to your bank when you do online banking.