Turks impale Google

It would appear that Turkey, once home of the famous Ottoman sofa, is back on the warpath and, while it may not be knocking on the gates of Vienna any time soon, has Google in its sights.

The Turks have been quiet since 1683 after losing the Battle of Vienna to a re-vitalised Hapsburg alliance. But tensions have been mounting between the nation and the search engine Google.

Apparently Google’s YouTube has been saying some nasty things about Turkish secular saint Atatürk and been off and on banned in the country.

Now, in what will appear to be a complete coincidence, the Turks have stuffed up all the security on Google’s web products.

Writing in his blog, a spokesGoogle said that on Christmas Eve Chrome detected and blocked an unauthorised digital certificate for the “*.google.com” domain.

It found that the certificate was issued by an intermediate certificate authority (CA) linking back to TurkTrust, a Turkish certificate authority.

Since intermediate CA certificates carry the full authority of the CA, anyone who has one can use it to create a certificate for any website they wish to impersonate.

In response, Google updated Chrome’s certificate revocation metadata on to block that intermediate CA, and then alerted TurkTrust and other browser vendors. TurkTrust told Google, it had mistakenly issued two intermediate CA certificates to organisations that should have instead received regular SSL certificates. On December 26, Google pushed another Chrome metadata update to block the second mistaken CA certificate and informed the other browser vendors.

But the problem is pretty severe. It means that Google will have to issue an update to Chrome to no longer indicate Extended Validation status for certificates issued by Turktrust.

So why did Google get the works? Well that’s no one’s business but the Turks.