MCS had received the Sub-ordinate certificate from CNNIC on mentioned date and started the test on same day inside MCS lab which is a protected environment, MCS had assured to store the private key in a FIPS compliant device (Firewall), to run the test which had started with no incidents on Thursday, and for the sack of unintentional action the Firewall had an active policy to act as SSL forward proxy with an automatic generation for a certificates for browsed domains on the internet, which had been taken place on a weekend time (Friday, and Saturday) during unintentional use from one of the IT Engineers for a browsing the internet using Google Chrome which had reported a miss-use at Google’s End.
MCS had deleted the certificate immediately from the firewall once gotten notified by CNNIC for the incident, at same time, MCS had submitted an incident report to CNNIC and all the concerned parties on the same day of notification.
MCS confirms that the reported issue is a human mistake that took place unintentionally through a single PC inside MCS Lab which had been dedicated for testing purposes. Quoting google spokesman, confirms: "We have no indication of abuse, and we are not suggesting that people change passwords or take other action". Claims by some public reports are inconsistent with statement by Google spokesman for abuse or spying activity for any traffic: “Google does not, however, believe the certificates were used for that purpose”. As stated by Google spokesman.
Partager