Microsoft warns: Fraudulent digital certificates issued for high-value websites

Status
Not open for further replies.

jamescv7

Thread author
Mar 15, 2011
Microsoft today warned that Comodo has issued nine fraudulent digital certificates to a third party whose identity could not be sufficiently validated, a scenario that could allow attackers to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against all Web surfers.

According to the Microsoft advisory, the fraudulent Web certificates affect the Microsoft Live service, Google’s mail system, Yahoo and Skype log-ins.

http://www.zdnet.com/blog/security/microsoft-warns-fraudulent-digital-certificates-issued-for-high-value-websites/8488?tag=mantle_skin;content
 
This is a serious matter that threatens the core of today's security infrastructure. If "bad guys" can get their hands on fake certificates and can also attack the DNS infrastructure, there will be no way to know if the site you are visiting is legit or not (for example). I'm sorry that Comodo didn't reveal the Registration Authority (RA) involved. Hopefully the necessary measures will be applied.
 
RE: Apple users left to defend themselves against certificate attacks

In light of the disclosure on Wednesday about 9 fraudulent SSL certificates being issued by a partner of Comodo, Microsoft was quick to respond with an update to protect users of Windows.

Apple, however, has not reacted, leaving many OS X users in the dark. Mike Shannon from SophosLabs did some research for me this week so we could provide a guide on configuring your Mac to be secured against these bogus certificates.

http://nakedsecurity.sophos.com/2011/03/26/apple-users-left-to-defend-themselves-against-certificate-attacks/
 