By
Summary:
The incident, which was probably a case of the French finance ministry going overboard in its efforts to monitor employee activities, provides a timely reminder of how certificates are the weak point in online security.
Google appears to have caught the French finance ministry spying on its workers’ internet traffic by spoofing Google security certificates, judging from an episode that took place last week.
The web firm said in a blog post on Saturday that, on the preceding Tuesday, it had become aware of “unauthorized digital certificates for several Google domains.” It tracked the provenance of these certificates back to ANSSI, the French state information security agency, which in turn pointed to the Treasury as the culprit.
Comments are closed.