On Thu, Jan 03, 2013 at 10:13:54AM -0800, Andy Isaacson wrote: > http://googleonlinesecurity.blogspot.com/2013/01/enhancing-digital-certificate-security.html > > TURKTRUST told us that based on our information, they discovered > that in August 2011 they had mistakenly issued two intermediate CA > certificates to organizations that should have instead received > regular SSL certificates.
Microsoft's announcement provides the names of the two certificates. http://blogs.technet.com/b/msrc/archive/2013/01/03/security-advisory-2798897-released-certificate-trust-list-updated.aspx TURKTRUST Inc. incorrectly created two subsidiary Certificate Authorities: (*.EGO.GOV.TR and e-islam.kktcmerkezbankasi.org). The *.EGO.GOV.TR subsidiary CA was then used to issue a fraudulent digital certificate to *.google.com. -andy
