Search the Community
Showing results for tags 'french agency'.
Found 1 result
Google announced that it detected a French government agency using unauthorized digital certificates for several Google domains to perform man-in-the-middle attacks on a private network. Google security engineer Adam Langley described the incident as a "Serious Security breach", discovered in early December. These bogus certificates were fraudulently signed by the certificate authority of DG Trésor, the French Treasury and Cyber Defense agency known as ANSSI. Google has immediately updated Chrome’s certificate revocation list to block all dodgy certificates issued by the French authority. ANSSI said that the intermediate CA certificate was used to inspect encrypted traffic with the user's knowledge on a private network with a commercial device i.e. Snooping on its own users’ Internet usage. Last year, a Turkish certificate authority called 'Turktrust' was revealed to have issued two subordinate certificates for the domain gmail.com, and that these certificates had been used to intercept Gmail users’ traffic. NSA is also alleged to have used man-in-the-middle attacks through unauthorized certificates against Google in the past. Google said, "We're now working to bring this extra protection to more users who are not signed in." Source: Fake Google SSL Certificates, Made in France