Comodohacker: I can issue fake Windows updates

Status
Not open for further replies.

win7holic

New Member
Thread author
Apr 20, 2011
MalwareTips
Following his recent attack against Dutch security company DigiNotar, the hacker known as Comodohacker is now threatening to exploit Microsoft's Windows Update service.

In another message posted on Pastebin last week touting his cyberattacks, the infamous hacker claims that he's able to issue phony Windows updates despite Microsoft's assertion to the contrary.

 
Yes, he can exploit the Windows Update system and I can fly. :shy:
Microsoft said that Windows Update has the Microsoft root CA certificate hard-coded into it. If Windows Update finds out that the SSL certificate of update.microsoft.com is signed by any CA (even legitimate ones like Thawte or others) other than Microsoft Internet Authority, it will fail. Plus, each of the Windows Update setup files is signed by Microsoft's own certificate too, and if Windows Update encounters an update file signed by another legitimate CA that isn't Microsoft, the update will fail too.
The Comodohacker must have access to Microsoft's private SSL keys (Microsoft Internet Authority) and also have managed to hack into Microsoft's servers to sign those Windows Update updates with the compromised certificate in order to deliver fake updates.
 
Linuxfever said:
Yes, he can exploit the Windows Update system and I can fly. :shy:
Microsoft said that Windows Update has the Microsoft root CA certificate hard-coded into it. If Windows Update finds out that the SSL certificate of update.microsoft.com is signed by any CA (even legitimate ones like Thawte or others) other than Microsoft Internet Authority, it will fail. Plus, each of the Windows Update setup files is signed by Microsoft's own certificate too, and if Windows Update encounters an update file signed by another legitimate CA that isn't Microsoft, the update will fail too.
The Comodohacker must have access to Microsoft's private SSL keys (Microsoft Internet Authority) and also have managed to hack into Microsoft's servers to sign those Windows Update updates with the compromised certificate in order to deliver fake updates.

I think you are right.
 
Good explanation; surely that hacker will have some plan B if the current plan fails.
 
+1 Linuxfever!

The message posted on Pastebin is not very new. In the same message this guy said that he had breached the certificate authority GlobalSign... long story short, the guys from GlobalSign verified that claim and discovered it was FAKE... so this guy has 0 credibility.
Most likely he is doing all this to divert attention from the fact that someone was spying on Iranian citizens with fake Gmail certificates.

Interesting read: http://news.softpedia.com/news/ComodoHacker-Denies-That-the-Iranian-Government-is-Funding-Him-221498.shtml
 
Malware1991 said:
How would it be possible to know if the updates are fake? (If he somehow manages to achieve what he says he can do?)

If you manually install updates through Microsoft, you will have no worries, as I highly doubt the hacker would manage to gain access to their update servers.
Otherwise, if he "could" manage to obtain Microsoft's private SSL keys, the fake updates would most likely pop up as an automatic update that would seem to come out of nowhere. He would have to be real slick and do this on the second Tuesday of the month. And he would have to construct the update to almost exact specs to fool most. It would be a heck of a task; I highly doubt he is capable, but one never knows.
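One concrete way to answer Malware1991's question, and to make the "only Microsoft's own CA counts" rule from Linuxfever's post explicit, is to check a downloaded update package's Authenticode signature and inspect which root it actually chains to, rather than accepting any CA in the machine store. This is an added example, not code from the thread or from Microsoft; the file path is a placeholder, the organisation match on the certificate subject is a simplification, and the root thumbprint is a placeholder you fill in from a trusted reference.

```powershell
# Added example (not from the thread): reject an update package unless its
# Authenticode signature is valid AND the signer chains to a Microsoft root.
# $Path is a placeholder for the downloaded .msu/.cab/.exe to check.
param([Parameter(Mandatory)][string]$Path)

$sig = Get-AuthenticodeSignature -FilePath $Path
if ($sig.Status -ne 'Valid') {
    # Unsigned, tampered (HashMismatch) or untrusted chain: never install.
    throw "REJECT $Path : signature status is $($sig.Status)"
}

# Build the chain ourselves so the root can be inspected; a compromised public
# CA (DigiNotar-style) is still "trusted" by the store, which is the whole risk.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'Online'
if (-not $chain.Build($sig.SignerCertificate)) {
    $why = ($chain.ChainStatus | ForEach-Object { $_.StatusInformation.Trim() }) -join '; '
    throw "REJECT $Path : chain build failed ($why)"
}
$root = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate

# Pin on the organisation in both leaf and root (simplification); a stricter
# deployment pins the exact root thumbprint, shown here as a placeholder.
$expectedRootThumbprint = '<MICROSOFT-ROOT-THUMBPRINT-PLACEHOLDER>'
$leafIsMs = $sig.SignerCertificate.Subject -match 'O=Microsoft Corporation'
$rootIsMs = $root.Subject -match 'O=Microsoft Corporation'
if (-not ($leafIsMs -and $rootIsMs)) {
    throw "REJECT $Path : signer '$($sig.SignerCertificate.Subject)' does not chain to a Microsoft root (root: '$($root.Subject)')"
}
if ($expectedRootThumbprint -notlike '<*>' -and $root.Thumbprint -ne $expectedRootThumbprint) {
    throw "REJECT $Path : root thumbprint $($root.Thumbprint) is not the pinned value"
}
"ACCEPT $Path : signed by '$($sig.SignerCertificate.Subject)', root '$($root.Subject)'"
```

Run it as a script against a package saved from the Microsoft Update Catalog; a valid-but-wrong-root result is exactly the case the thread argues Windows Update itself must refuse.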
 