Rogue Digital Certificate Revoked

Wednesday, April 1, 2015 @ 04:04 PM gHale


A fraudulently issued certificate covering several Google domains, and possibly other web properties, has been revoked by Microsoft to eliminate the risk of web content spoofing, phishing, and man-in-the-middle attacks.

The issue stems from Egypt-based company MCS Holdings being granted, through its root Certificate Authority (CA), the ability to issue digital certificates for websites other than those registered under its own name.


The CA that delegated the right to issue those certificates is CNNIC (China Internet Network Information Center), which revoked the rogue intermediate certificate as soon as it learned of MCS Holdings’ actions.

Microsoft has updated its Certificate Trust List (CTL) for Windows operating systems so the fraudulent certificate can no longer be used for malicious operations against its customers.

The list of Google domains that could be abused by an attacker includes Gmail and Google.com, two web properties accessed by tens of millions of unique IP addresses every day.

Other Google domains suffering from the issue are *.google.com.eg, *.g.doubleclick.net, *.gstatic.com, and *.googleapis.com. It is possible domains from other owners ended up validated by MCS Holdings’ rogue certificate.

The CTL update issued by Microsoft goes out automatically to systems running supported editions of Windows 8, Server 2012, RT, 8.1, RT 8.1, and Server 2012 R2, and to devices running Windows Phone 8 and 8.1. On these systems no action is required, since the change is applied in the background.
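An administrator who wants to confirm that a Windows host has actually picked up Microsoft's disallowed-certificate CTL, and that nothing chaining to CNNIC or naming MCS Holdings is sitting in its certificate stores, can run a check like the following. This is an added example, not code from the article or from Microsoft; it assumes the AuthRoot\AutoUpdate registry values documented for the Windows automatic certificate updater (the DisallowedCertLastSyncTime value is assumed to be an 8-byte FILETIME blob), and the subject/issuer patterns are illustrative search terms, not fingerprints of the rogue certificate.

```powershell
# Added example (not from the article): verify CTL sync state and search the local
# certificate stores for anything issued by CNNIC or naming MCS Holdings.
# Assumption: registry layout of the Windows automatic certificate updater.

$autoUpdateKey = 'HKLM:\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate'
$props = Get-ItemProperty -Path $autoUpdateKey -ErrorAction SilentlyContinue

if ($props -and $props.DisallowedCertLastSyncTime) {
    # Assumption: the value is a FILETIME stored as an 8-byte REG_BINARY blob.
    $ticks = [BitConverter]::ToInt64($props.DisallowedCertLastSyncTime, 0)
    $lastSync = [DateTime]::FromFileTimeUtc($ticks)
    Write-Output "Disallowed CTL last synced (UTC): $lastSync"
} else {
    Write-Output 'No disallowed-CTL sync recorded; the automatic updater may never have run.'
}

# The automatic updater can be switched off by policy; flag that explicitly.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\SystemCertificates\AuthRoot'
$policy = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue
if ($policy -and $policy.DisableRootAutoUpdate -eq 1) {
    Write-Warning 'Root/disallowed certificate auto-update is disabled by policy on this host.'
}

# Look through root and intermediate stores for certificates issued by CNNIC
# or whose subject names MCS Holdings (illustrative search terms).
$stores = 'Cert:\LocalMachine\Root', 'Cert:\LocalMachine\CA',
          'Cert:\CurrentUser\Root',  'Cert:\CurrentUser\CA'
foreach ($store in $stores) {
    Get-ChildItem -Path $store |
        Where-Object { $_.Issuer -match 'CNNIC' -or $_.Subject -match 'MCS Holdings' } |
        Select-Object @{ n = 'Store'; e = { $store } }, Subject, Issuer, Thumbprint, NotAfter
}

# Finally, show what this host explicitly distrusts in its Untrusted Certificates stores.
Get-ChildItem -Path 'Cert:\LocalMachine\Disallowed', 'Cert:\CurrentUser\Disallowed' |
    Select-Object Subject, Issuer, Thumbprint
```

Run it in an elevated PowerShell session so the LocalMachine hives are readable. A recent sync time together with an empty result from the store search is the expected state on a patched host; an old or missing sync time, or the policy warning, is the cue to apply the CTL update by other means.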
