News | Register| Login
 
 
MCS Response to Google blog
Maintaining digital certificate security.
Posted: Wednesday, 25th March, 2015

On Sunday 22nd March, Google had blamed MCS of issuing a bad digital certificate for a several Google domains using the intertermediate certificate issued by CNNIC (China Internet Network Information Center).

Background

MCS is one of a major security products distributer in Egypt and middle east and had a very successful security projects delivery and implementation in Egypt through its partners, and owns a direct partnership with a world wide largest IT security companies like Intel Security, Palo Alto Networks, Gemalto, and Riverbed. MCS owns a clear and honest history of compliance to the international regulations of selling and using the security products and its corresponding encryption mechanisms since establishment till date.

 MCS had signed an official demonstration agreement with CNNIC on date 11th March, 2015 to test newly, planned to be introduced, secure cloud based services in the Middle East region.

These services were planned to start offering in the Egyptian market as a first stage of operation then being extended to the whole Middle East region, part of these offering services could be provided in a high level of security with a trusted public signing capabilities. MCS had received the subordinate CA certificate on Thursday 19th March for a limited period of two weeks for testing purposes after signing the agreement by CNNIC.

 

MCS Response

MCS had received the Sub-ordinate certificate from CNNIC on mentioned date and started the test on same day inside MCS lab which is a protected environment, MCS had assured to store the private key in a FIPS compliant device (Firewall), to run the test which had started with no incidents on Thursday, and for the sack of unintentional action the Firewall had an active policy to act as SSL forward proxy with an automatic generation for a certificates for browsed domains on the internet, which had been taken place on a weekend time (Friday, and Saturday) during unintentional use from one of the IT Engineers for a browsing the internet using Google Chrome which had reported a miss-use at Google’s End.

MCS had deleted the certificate immediately from the firewall once gotten notified by CNNIC for the incident, at same time, MCS had submitted an incident report to CNNIC and all the concerned parties on the same day of notification.

MCS confirms that the reported issue is a human mistake that took place unintentionally through a single PC inside MCS Lab which had been dedicated for testing purposes. Quoting google spokesman, confirms: "We have no indication of abuse, and we are not suggesting that people change passwords or take other action". Claims by some public reports are inconsistent with statement by Google spokesman for abuse or spying activity for any traffic: “Google does not, however, believe the certificates were used for that purpose”. As stated by Google spokesman.

Furthermore, MCS have all the accredited logs that provide detailed information mentioned above for the concerned parties.

Conclusion

MCS is a one of award winning security Value added distributer companies in the middle east region which had a proven records of delivering a niche technology and security solutions proposition for the Egyptian market using the best of bread solutions from world wide biggest security companies.
Google spokesman confirms the harms-free mistake was not for any miss-use:" “which did not appear to have been abused”.
MCS had a full transparent response for the incident with accurate information.
MCS welcomes any further clarifications required, please send your inquiries to info@mcsholding.com.

 
 
 
 
 
Sitemap|Feedback |Subscribe Copyright © MCS, All rights reserved Follow us on