Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Software
Operating Systems
Windows 10
Microsoft to remove all Windows downloads signed with SHA-1
Message
<blockquote data-quote="Stopspying" data-source="post: 896636" data-attributes="member: 69368"><p>"Microsoft is removing all Windows downloads from the Microsoft Download Center that are signed using SHA-1 certificates on August 3rd, 2020.</p><p>The SHA-1 algorithm was commonly used to code-sign executables and TLS and SSL certificates used on web sites to authenticate a publisher's legitimacy.</p><p>In 2015, security researchers <a href="https://sites.google.com/site/itstheshappening/" target="_blank">released a report</a> detailing how SHA-1 is vulnerable to collision attacks that could allow attackers to create forgeries of digital certificates to impersonate a company or another website.</p><p>These forgeries can then be used in phishing attacks, to spoof companies, or in man-in-the-middle attacks to listen in on encrypted network sessions.</p><p>Due to the problems with SHA-1 certificates, Microsoft and other developers have been moving away from SHA-1 certificates and <a href="https://support.microsoft.com/en-us/help/4472027/2019-sha-2-code-signing-support-requirement-for-windows-and-wsus" target="_blank">requiring SHA-2 to be used to install Windows updates</a>..."</p><p></p><p>[URL unfurl="true"]https://www.bleepingcomputer.com/news/microsoft/microsoft-to-remove-all-windows-downloads-signed-with-sha-1/[/URL]</p></blockquote><p></p>
[QUOTE="Stopspying, post: 896636, member: 69368"] "Microsoft is removing all Windows downloads from the Microsoft Download Center that are signed using SHA-1 certificates on August 3rd, 2020. The SHA-1 algorithm was commonly used to code-sign executables and TLS and SSL certificates used on web sites to authenticate a publisher's legitimacy. In 2015, security researchers [URL='https://sites.google.com/site/itstheshappening/']released a report[/URL] detailing how SHA-1 is vulnerable to collision attacks that could allow attackers to create forgeries of digital certificates to impersonate a company or another website. These forgeries can then be used in phishing attacks, to spoof companies, or in man-in-the-middle attacks to listen in on encrypted network sessions. Due to the problems with SHA-1 certificates, Microsoft and other developers have been moving away from SHA-1 certificates and [URL='https://support.microsoft.com/en-us/help/4472027/2019-sha-2-code-signing-support-requirement-for-windows-and-wsus']requiring SHA-2 to be used to install Windows updates[/URL]..." [URL unfurl="true"]https://www.bleepingcomputer.com/news/microsoft/microsoft-to-remove-all-windows-downloads-signed-with-sha-1/[/URL] [/QUOTE]
Insert quotes…
Verification
Post reply
Top