TurkTrust denies security breach led to certificate gaffe

By on
TurkTrust denies security breach led to certificate gaffe

No 'malevolence, fraud or any other crime factor'.

Turkish certificate authority (CA) TurkTrust has denied that there was any attack that resulted in the issuing of fraudulent certificates.

In an updated statement from its website, TurkTrust said that since the incident was announced last week, "a lot of national and international people and organisations including press companies admired the way the case was treated and further supported and contributed for a correct understanding of the case".

However it said that there had been incorrect reporting and discussion on the incident and it will continue to manage the case openly and transparently with a responsibility not only to the Turkish public, but also to all internet users.

“Our company keeps on working with the target of being a reputable Turkish company that develops technology in world standards and produces value added services,” it said.

The company said in a previous  statement it was "certain that there is no security breach on TurkTrust systems" adding that "there is also not a bit of evidence that the certificate was used maliciously”.

The problems began when two faulty SSL certificates were issued in August 2011 during a software migration.

These were detected in late December, leading to browser vendors Microsoft, Mozilla and Google revoking trust in those certificates. TurkTrust revoked the certificate once it was made available of its status.

It said: “This seems to be a very plausible scenario explaining how the faulty certificate was being generated. This and all other available data strongly suggests that google.com cert was not issued for dishonest purposes or has not been used for such a purpose.”

This article originally appeared at scmagazineuk.com

Copyright © SC Magazine, UK edition
Tags:

Most Read Articles

Log In

Username:
Password:
|  Forgot your password?