Web browser makers have rushed to fix a security lapse that cyber thieves abused to impersonate Google+

The loophole exploited ID credentials that browsers use to ensure a website is who it claims to be.

By using the fake credentials, criminals created a website that purported to be part of the Google+ social media network.

The fake ID credentials have been traced back to Turkish security firm TurkTrust which mistakenly issued them.

Google, Microsoft and Firefox developer Mozilla have all issued updates which revoke the two wrongly issued master security certificates. In addition, Mozilla has updated Firefox to reject any certificate issued by TurkTrust while the browser maker investigates the security lapse.

This is not the first time that websites and browser makers have had a problem with security certificates. Fake certificates have been issued before now by several other firms and exposed confidential data including login names and passwords.

google-plus-banner

“It is really time we move on from this 20-year-old, poorly implemented system,” wrote Mr Wisniewski. “It doesn’t need to be perfect to beat what we have.”

Leave a Reply