Google Discovers Bad Certificate, CA Authority Nonfeasance
Via the Google Online Security Blog comes news of a nasty bit of work, and a serious breach of the CA process, read on (if you dare)...
Google Inc. (NasdaqGS: GOOG) Network Security managed to grab the brass ring, with it's discovery of a bad certificate issued by a Cairo, Egypt based network firm; thereby succesfully maintaining the chain of security for the search leviathan's digital certificates.
The discovery of the bad certificate also exposed evidence of nonfeasance at the CA, in this case the CNNIC whom had subrogated (via contract) rights to publish that cert on hardware (in this case a proxy device apparently utilized for MITM user data discovery by the owner of that proxy).
"On Friday, March 20th, we became aware of unauthorized digital certificates for several Google domains. The certificates were issued by an intermediate certificate authority apparently held by a company called MCS Holdings. This intermediate certificate was issued by CNNIC." - via Google Inc. Security Engineer Adam Langley on the Google Online Security Blog