Google has apparently caught the internet traffic of its workers being spied by the French finance ministry, by spoofing the Google security certificates.
The browsers access such certificates in order to verify that an internet service is what is appears to be, and creating fake certificates can allow anyone to impersonate services of well reputed websites, such as, Google – which lets the user have all the confidential information.
Google had spotted the certificates last week which were presenting as their own, although they were actually issued to somebody else via an intermediate CA. The company instantly updated the Chrome browser in order to block the intermediate CA, and then identified the root CA, ANSSI. Google also informed ANSSI about the issue and even warned the rest of the browsers.
If French finance ministry attempted to strengthen the IT security, which involves inspecting encrypted traffic with the knowledge users, suggests that Treasury had been keeping an eye on the internet usage of its users, with an assumption that the contracts of Treasury workers gave them the authority to monitor them.
Google took advantage of the scenario by launching its campaign for certificate transparency that would involve new framework to audit certificates in real time. This is a great initiative to tighten the online security. If more work is done on encryption, then we are going to see a visible change in a very short period of time, which will eventually protect us all from bulk surveillance.
by Taha Abbas @infotales.com
No comments:
Post a Comment