• Skip to primary navigation
  • Skip to main content
  • Skip to footer
  • Home
  • Write for Us
  • Contact
  • Advertise
  • Cookie Policy
    • Privacy statement (CA)
    • Cookie policy (CA)
    • Privacy statement (UK)
    • Cookie policy (UK)
    • Privacy statement (US)
    • Do Not Sell My Personal Information
    • Privacy statement (EU)
    • Cookie policy (EU)
    • Disclaimer

TechWalls

Technology News | Gadget Reviews | Tutorials

  • Reviews
  • Tech News
  • Tech Guide
  • Gadget & Apps

Indian digital certificate breach hits Google, Yahoo

Updated on Jul 14, 2014 by Guest Authors

A new digital certificate authority security breach in India has dealt a heavy blow to the domains controlled by Google and Yahoo. And what security experts view as the total scope of the threat actually represents only the tip of the iceberg.

More than a week ago, Google discovered several unauthorized certificates that had been issued by the National Informatics Center within the Indian Ministry of Communications and Information Technology for the search giant’s various domains.

The threat is that fraudulent certificates are potential tools for hackers to imitate legitimate websites and gain access to private and encrypted communications between users that could establish a connection with those rogue sites. That is why digital certificates are issued for domain names only if the owner asks for certificate authorities to do so.

India’s Controller of Certifying Authorities is listed in Microsoft Root Store and several Windows programs including the browsers Chrome and Internet Explorer have trusted it. Fortunately, there is no trouble for Mozilla Firefox users because the browser has a proprietary root store that excludes India CCA.

Microsoft has yet to determine whether the fake NIC certificates for Google’s domains were issued out of human error a technical flaw. However, India CCA found a compromise on how the NIC issued the certificates. According to Google security engineer Adam Langley, four rogue NIC certificates were issued, three of which were meant for Google domain names and one for Yahoo’s.

Google has further detected suspicious certificates other than the ones issued by the NIC so it is possible that the breach has a far-reaching impact beyond what authorities have assessed so far.

India CCA has immediately revoked NIC’s CA certificates and the Certifying Authority has ceased releasing certificates following the breach. After the India CCA revoked those certificates, Indian government websites with NIC-signed SSL certificates are currently insecure since all certificates have become invalid.

indian-digital-certificate

As an example, the Indian government website that accepts right to information requests gives the following warning to visitors:

“The server presented a certificate issued by an entity that is not trusted by your computer’s operating system. This may mean that the server has generated its own security credentials, which Chrome cannot rely on for identity information, or an attacker may be trying to intercept your communications. You should not proceed, especially if you have never seen this warning before for this site.”

Consequently, Google says it will restrict the India CCA root certificate to such domains as gov.in, nic.in, ac.in, rbi.org.in, bankofindia.co.in, ncode.in and tcs.co.in in its future Chrome updates.

Disclosure: As an Amazon Associate, I earn from qualifying purchases. The commission help keep the rest of my content free, so thank you!

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Footer

Keychron K4 Wireless Mechanical Keyboard Review – The Biggest & The Best?

Keychron K6 Wireless Mechanical Keyboard Review – Nice Balance Between Design and Function

AuthenTrend AT.Wallet Fingerprint Cryptocurrency Wallet Review – The Coolest One You Can Buy

Yeedi K650 Robot Vacuum Review – A Good Basic Vacuum

Follow TechWalls

YoutubeFacebookTwitterInstagram

Recent Posts

  • Keychron K4 Wireless Mechanical Keyboard Review – The Biggest & The Best?
  • Keychron K6 Wireless Mechanical Keyboard Review – Nice Balance Between Design and Function
  • Sensibo Pure Smart Air Purifier Review
  • EVO Gym System – A Foldable Versatile Personal Gym for Everyone

Copyright © 2021 · All Rights Reserved