Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Sunday, 3 December, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Intercepted certificates causes red faces for French security agency

by The Gurus
September 11, 2020
in Editor's News
Share on FacebookShare on Twitter

Human error has been blamed in relation to an incident where digital certificates were signed that claimed to belong to the French administration.

The French security agency said in a statement that an effort to “strengthen the overall IT security of the French Ministry of Finance” led to digital certificates being signed by the certification authority (CA) of the DGTrésor (Treasury) which is attached to the agency.

It said: “The mistake has had no consequences on the overall network security, either for the French administration or the general public. The aforementioned branch of the IGC/A has been revoked preventively.
“The reinforcement of the whole IGC/A process is currently under supervision to make sure no incident of this kind will ever happen again.”

The issue was initially detected by Google, where security engineer Adam Langley said that it became aware of unauthorised digital certificates for several Google domains and after investigation, it found that the certificate was issued by an intermediate CA that linked back to ANSSI, a French certificate authority. “Intermediate CA certificates carry the full authority of the CA, so anyone who has one can use it to create a certificate for any website they wish to impersonate,” he said.

He confirmed that Chrome’s certificate revocation metadata was updated to block that intermediate CA, and it alerted ANSSI and other browser vendors.

“ANSSI has found that the intermediate CA certificate was used in a commercial device, on a private network, to inspect encrypted traffic with the knowledge of the users on that network. This was a violation of their procedures and they have asked for the certificate in question to be revoked by browsers. We updated Chrome’s revocation metadata again to implement this,” he said.

FacebookTweetLinkedIn
Tags: Certificate
ShareTweet
Previous Post

Government websites hacked, database leaked by TeslaTeam

Next Post

Apple, Microsoft and Facebook form group to push reform of Government surveillance

Recent News

Google bins inactive accounts

Google bins inactive accounts

December 1, 2023
Laptop, phone, hands

40% of Cybersecurity Departments Want More Budget to Upskill Employees

November 24, 2023
AI Receives £500 Million Funding in Finance Minister’s 2023 Autumn Statement

AI Receives £500 Million Funding in Finance Minister’s 2023 Autumn Statement

November 24, 2023
Half of Cybersecurity Professionals Kept Awake By Workload Worries

Half of Cybersecurity Professionals Kept Awake By Workload Worries

November 24, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information