Google blacklists 247 certificates. Is it related to the DigiNotar hacking incident?
After yesterday's news concerning the fake certificate found in Iran that allowed an attacker to impersonate Google.com, Vasco, the parent company of certificate authority DigiNotar, released a statement explaining what happened.
As is usually the case with security incidents, the statement was light on details, but it claimed that the certificate authority was hacked and that the hackers signed certificates for a "number of domains" using DigiNotar's root certificate.
Certificate authorities are "trusted" entities who validate the certificates that allow people to create encrypted connections to web servers.
They are responsible for confirming the identity of the entity requesting a certificate so that people are unable to impersonate other people's servers.
DigiNotar discovered they were hacked on July 19th, but the intrusion began at least as early as July 10th, 2011.
They performed an audit and revoked what they thought were all of the fraudulently issued certificates, but somehow missed one that was created to impersonate Google.
Missing the issuance of a certificate for Google raises questions about the quality and depth of the audit they performed. So does the fact that, after the audit, Mikko Hypponen of F-Secure