NIC’s SSL Certificate Process Was Compromised; Forged Google SSL Certificates

NIC (National Informatics Center) issued unauthorized digital certificates for several Google domains and upon investigation, NIC realized that issuance process was compromised, but only four certificates were misissued.
Total
0
Shares

India’s NIC (National Informatics Center) had issued unauthorized digital certificates for several Google domains and upon investigation, NIC realized that issuance process was compromised, but only four certificates were misissued. The four certificates provided included three for Google domains and one for Yahoo domains.

As per Google, the breach is minimal – as India CCA certificates are included in the Microsoft Root Store and thus are trusted by the vast majority of programs running on Windows, including Internet Explorer and Chrome. Google affirms that Firefox is not affected because it uses its own root store that doesn’t include these certificates. Chrome on Windows would not have accepted the certificates for Google sites because of public-key pinning, although misissued certificates for other sites may exist.[official blog]

Due to this breach, Google has announced that for future Chrome releases, it will limit the India CCA root certificate to the following domains and subdomains thereof in order to protect users:

  1. gov.in
  2. nic.in
  3. ac.in
  4. rbi.org.in
  5. bankofindia.co.in
  6. ncode.in
  7. tcs.co.in
Leave a Reply

Sign Up to Newsletter

Daily.

You May Also Like

Samsung launches thinnest notebook in India on the backfoot

Siver me timbers! The latest press release by Korean electronics giant Samsung is talking of the number of hours it spent to design and develop a new product. One wonders if this has something to do with the expensive lawsuit that Samsung just scraped through. The company is calling it world’s thinnest and most compact premium notebook.
View Post

Here Is How Technology Is Taking Over Our Sleep

Keeping your phone on your nightstand may not seem like a big deal, but technology affects your sleep in more ways than you realize. Whether you’re surfing the web, playing a video game, or using your phone as an alarm clock in the late evening, you’re probably keeping yourself from a restful night.
View Post