From InfoWorld: Google said Monday an Egyptian company issued digital certificates that could have been used to intercept data traffic to its services, which did not appear to have been abused.
The incident is the latest example of longstanding problems around the issuance of digital certificates, which are used to encrypt data and verify the legitimacy of websites.
Google detected on March 20 that unauthorized digital certificates had been issued for several of its domains by MCS Holdings, a Cairo-based networking and security company, wrote Adam Langley, a Google security engineer.
The unauthorized certificates would have allowed MCS Holdings to spy on communications between Google and users on its network. Langley wrote that Google does not, however, believe the certificates were used for that purpose.
"We have no indication of abuse, and we are not suggesting that people change passwords or take other action," he wrote. "At this time, we are considering what further actions are appropriate.
View: Article @ Source Site