The identity of the hackers responsible remains elusive, though the phishing targets in China and the IP addresses involved indicate a coordinated effort, researchers from Anomali said.
The mistake means that hackers could decrypt the key and use the certificate, a means of digital authentication, to monitor victims’ traffic and launch main-in-the-middle attacks.
A blog post by the maker of the Firefox browser says Chrome engineers are correct in their assessment of the problems with Symantec-issued internet security certificates —…