Skip to main content
  1. Home
  2. Web
  3. News

Google, Mozilla blacklists China’s web registrar over breach

By

some chinese websites to be banned in firefox chrome browsers after security breach chinainternetsecurity
Nmedia/Shutterstock
Google and Mozilla have just announced that they will blacklist digital certificates from the China Internet Network Information Center, the country’s main Internet agency.

CNNIC oversees China’s Internet infrastructure. This means that Google Chrome and Mozilla Firefox will soon stop accepting certificates from most websites with the .cn domain. With the ban, Chrome and Firefox users will receive a pop-up that alerts them to possible security risks.

Recommended Videos

The move comes about two weeks after a security breach that involved unauthorized digital certificates for Google domains such as Gmail. On March 20, Google found that MCS Holdings, an Egyptian IT company, misused certificates. MCS Holdings obtained its intermediate certificate from CNNIC.

Google said that MCS used the certificates for a man-in-middle proxy. According to CNNIC, they had agreed to issue a certificate to MCS with the condition that the company would only issue certificates for the domains they have registered. MCS instead intercepted connections by pretending to be the intended destination for users. Google called the incident “a serious breach” because all major browsers and operating systems recognized CNNIC certificates.

“This explanation is congruent with the facts. However, CNNIC still delegated their substantial authority to an organization that was not fit to hold it,” said Adam Langley, a security engineer at Google.

To help users adjust to the changes, Google has provided a grace period. The company said that it will recognize CNNIC’s existing certificates for a “limited time.” This exemption will only be extended to websites that are included in Google’s “whitelist.”

CNNIC, which conducted an investigation of its own after the breach, criticized Google’s move. “The decision that Google has made is unacceptable and unintelligible to CNNIC, and meanwhile CNNIC sincerely urge that Google would take users’ rights and interests into full consideration,” the agency wrote in its website.

In spite of the ban, Google has indicated that it would be willing to reinstate CNNIC at a later time. “While neither we nor CNNIC believe any further unauthorized digital certificates have been issued, nor do we believe the misissued certificates were used outside the limited scope of MCS Holdings’ test network, CNNIC will be working to prevent any future incidents,” Google wrote. “We applaud CNNIC on their proactive steps, and welcome them to reapply once suitable technical and procedural controls are in place.”

Topics
Christian Brazil Bautista
Christian Brazil Bautista
Former Digital Trends Contributor
Christian Brazil Bautista is an experienced journalist who has been writing about technology and music for the past decade…
Google Drive vs. Dropbox: which is best in 2024?
Google Drive in Chrome on a MacBook.

Google Drive and Dropbox are two of the most popular cloud storage providers, if not some of the best. They offer a range of exciting features, from secure file storage and transfer, to free storage, file syncing, extensions, chat-app integration, and more. But while they might go toe to toe on some cloud storage specifications, there are others where one is the clear winner. The question is, which one is the best in 2024?

Let's take a close look at Google Drive and Dropbox to see how their latest head to head turns out.
Google Drive wins the free storage battle
Both Dropbox and Google Drive offer free storage space for those who would like to try out their respective services before putting down a few dollars a month for something more expansive and permanent. Google Drive comes standard, with 15GB of free space, far more than Dropbox's initial free storage offering of just 2GB.

Read more
The most common GoTo Meeting problems and how to solve them
Stock photo of man using laptop

GoTo Meeting is a great option for hosting meetings remotely, but like any other videoconferencing app, it still has issues that need troubleshooting. For this guide, we found four common problems GoTo Meeting users may encounter and the solutions to each of them. From audio issues to connectivity problems, let's look at these difficulties and the best ways to solve them.

Note: The following sections only reflect the interface of the latest version of the GoTo Meeting desktop app.
Annoying sound effects when people enter or leave meetings

Read more
How to download YouTube videos for offline viewing
A smartphone displaying YouTube on its screen as it lays on top of a laptop's keyboard.

YouTube might be a streaming-first video platform, but you can download YouTube videos, too. You can even download them for free with the right software, although simply being a YouTube Premium member is the most straightforward method. Having a YouTube video saved offline makes it easy to view it later, watch it when you're offline and away from a stable Wi-Fi connection, or just watch it multiple times without having to re-stream it.

Whatever reason you have for wanting to download a YouTube video, though, there are a range of ways to do it. Here's how.

Read more