Email
Password
Remember meForgot password?
    Log in with Twitter

article imageGoogle has detected a fake Google+ website

By Tim Sandle     Jan 6, 2013 in Technology
Google has fixed a security lapse that could have allowed cyber thieves to set up a site and to impersonate the Google+ social network.
According to TechSpy the issue related to a site set up in Turkey. The site inadvertently exploited a loophole in Google's systems which could bypass the ID credentials that browsers use to ensure a website is what it claims to be.
The site in Turkey was set up by a security firm called TurkTrust. The Turkish firm mistakenly twice issued the wrong type of security credential (called an intermediate certificate). In essence, rather than issuing low level certificates TurkTrust mistakenly gave out "master keys". These keys could have allowed a bogus site to pretend it was the legitimate version without triggering a warning.
Commenting on the incident, Chester Wisniewski from Sophos said: "An intermediate certificate is essentially a master key that can create certificates for any domain name. These certificates could be used to impersonate any website to any browser without the end user being alerted that anything is wrong."
According to a statement from Google, the error was detected when automatic checks built into Google's Chrome browser noticed someone was using the program with an unauthorised certificate for the "*.google.com" domain.
More about Google, Security, Security certificate, google plus
More news from
Latest News
Top News