Complex Made Simple

Microsoft revokes trust in Indian government’s certificate authority

Microsoft has said it has updated the Certificate Trust List in Windows to revoke trust for a certificate authority operated by the Indian government, after it improperly issued at least 45 SSL certificates for domains owned by Google and Yahoo, PC World has reported. The security incident was revealed last Tuesday when security engineers from Google said that on July 2 they identified several certificates for Google domains that had been issued without authorisation by the National Informatics Centre (NIC), a branch of the Indian Ministry of Communications and Information Technology. “These SSL certificates could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against web properties,” Microsoft said in a security advisory.