Google Freezes Chinese Websites And Certificate Authority
Thousands of Chinese websites will soon be marked unsafe by Google's Chrome browser.
Adam Langley, a Google security engineer, says, "On Friday, March 20th, we became aware of unauthorized digital certificates for several Google domains. The certificates were issued by an intermediate certificate authority apparently held by a company called MCS Holdings. This intermediate certificate was issued by CNNIC."
Your web browser knows a website is secure because it trusts the company that issues the secure certificate. But a malicious company can issue a certificate that allows one website to masquerade as another or for a hacker to easily grab confidential information. So Google will be marking any website whose certificate is derived via the China Internet Network Information Center as unsafe. So if a Chinese website has an "https" prefix and ".cn" domain suffix, it will be blocked in the Google Chrome browser.
Langley then says in an update to his original post: "As a result of a joint investigation of the events surrounding this incident by Google and CNNIC, we have decided that the CNNIC Root and EV CAs will no longer be recognized in Google products. This will take effect in a future Chrome update."
This move by Google could be a boon to Chinese technology companies like Qihoo 360, which is itself both a cybersecurity and browser company. Chinese users of Chrome may find it easier to switch to a 360 browser, rather than put up with the hassle of not being able to view domestic Chinese websites.