The fraudulent Google.com SSL certificate issued by Diginotar may be one of many, according to analysts.
The Dutch certificate authority (CA) admitted yesterday it issued fraudulent certificates - including a *.google.com wildcard - after it was hacked.
Diginotar revoked an unnamed number of affected certificates while Microsoft, Google and Mozilla blacklisted the CA's root certificate.
The Digitnotar breach permitted the "fraudulent issuance of public key certificates for a number of domains, including Google.com," according to the statement from US company VASCO, which owns DigiNotar.
But a code analysis of the upcoming Google Chrome release first identified by The Register shows fraudlent certificates could have been issued for hundreds of websites.
The analysis identified that Google would blacklist 257 certificates in Chrome, up from 10 in the current version.
Neal Wise, director of penetration testing firm Assurance.com.au said the Chrome blacklist could encompass DigitNotar SSL certificates used by a large number of web sites, along with intermediate signing certificates.
"I could almost guarantee that it was not just Google that the certificates were issued," Wise said,.
Intermediate signing certificates are CAs used to create SSL certificates. It allowed a root CA to be used in the event that the intermediate CA was compromised or revoked.
He said SSL sessions established by Chrome would likely consult the list against the serial number of certificates served.
The DigiNotar breach was for many a symptom of deep problems with the certificate trust model.
For Wise, the breach highlights the danger of wildcard certificates because they were valid across a string of subdomains for a nominated site.
"We have been telling people for 10 years that wildcards are a bad idea," Wise said. "You get fly-by-night CAs selling certificates for $10 without concern for security or who they are selling to."
Wise had often grabbed wildcard certificates in penetration tests and used them to compromise client systems.
"It increases risk, and makes it so much harder to defend," he said.
AusCERT security analyst Richard Billington said wildcard certificates were often an easier or cheaper alternative to multiple certificates.
"Unfortunately costs and business models come into play here. This can often result in the easiest solution or best revenue stream being picked or perpetuated, rather than the best solution," Billington said.
"In face-to-face interactions with strangers over thousands of years, humans have developed a process of being reticent about things that we are told by strangers - it's why we mightn't trust used car salesmen and the like," Fitzgerald said.
He points to a 2001 breach in which Verisign accidentally issued Microsoft certificates to someone posing as a Microsoft employee.
"No one in their right mind should trust major certificates authorities, the really big ones, because at some point they have released fraudulent certificates.
"By rights, if the chain of trust is upheld, [breached] CAs should be removed, but in Microsoft's case that should have invalidated maybe 25 percent of the certificates."
Billington said failings in the certificate model could often be pinned on human error.
"Not patching servers, not separating networks and systems, or even just a user letting their guard down," he said.
Non-technical end users were particularly exposed by the certificate model. Fraudulent certificates can be used to impersonate web sites and intercept account information.
In response to this apparent in-the-wild attack, VASCO said it plans to indefinitely suspend the sale of its traditional and extended-validation (EV) SSL certificates.
"The company will only restart its SSL and EV SSL certificate activities after thorough additional security audits by third-party organisations," the statement said.
Typically, users that visit websites that have been issued forged certs are unlikely to notice anything amiss, said Christopher Soghoian, a noted privacy researcher.
In an attempt to quell any speculation that hackers impacted other parts of VASCO's network, the company said the compromise was confined to its CA environment.
"The technological infrastructures of VASCO and DigiNotar are completely separated, meaning that there is no risk for infection of VASCO's strong authentication business," the company said.
Regardless of the scope, the incident highlights the precarious nature of the current CA system.
In March, hackers gained access to competitor Comodo's certificate generation system to fabricate nine fraudulent credentials for big-name sites like Google, Yahoo, Skype and Microsoft's Hotmail. An independent Iranian hacker claimed responsibility.