BreachExchange mailing list archives
TurkTrust re-emphasises that there was not a security breach
From: Erica Absetz <eabsetz () opensecurityfoundation org>
Date: Wed, 9 Jan 2013 10:56:30 -0500
http://www.scmagazineuk.com/turktrust-re-emphasises-that-there-was-not-a-security-breach/article/275195/ Turkish certificate authority (CA) TurkTrust has denied that there was any attack, "malevolence, fraud or any other crime factor" on it resulting in the issuing of fraudulent certificates. In an updated statement from its website, TurkTrust said that since the incident was announced last week, "a lot of national and international people and organisations including press companies admired the way the case was treated and further supported and contributed for a correct understanding of the case". However it said that there had been incorrect reporting and discussion on the incident and it will continue to manage the case openly and transparently with a responsibility not only to the Turkish public, but also to all internet users. “Our company keeps on working with the target of being a reputable Turkish company that develops technology in world standards and produces value added services,” it said. In a previous statement, TurkTrust said: “As of now, it is certain that there is no security breach on TurkTrust systems. There is also not a bit of evidence that the certificate was used maliciously.” The problems began when two faulty SSL certificates were issued in August 2011 during a software migration. These were detected in late December, leading to browser vendors Microsoft, Mozilla and Google revoking trust in those certificates. TurkTrust revoked the certificate once it was made available of its status. It said: “This seems to be a very plausible scenario explaining how the faulty certificate was being generated. This and all other available data strongly suggests that google.com cert was not issued for dishonest purposes or has not been used for such a purpose.” _______________________________________________ Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://datalossdb.org/mailing_list Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) Risk Based Security equips organizations with security intelligence, risk management services and on-demand security solutions to establish customized risk-based programs to address information security and compliance challenges. Tenable Network Security (http://www.tenable.com/) Tenable Network Security provides a suite of solutions which unify real-time vulnerability, event and compliance monitoring into a single, role-based, interface for administrators, auditors and risk managers to evaluate, communicate and report needed information for effective decision making and systems management.
Current thread:
- TurkTrust re-emphasises that there was not a security breach Erica Absetz (Jan 09)