Beware of spoofed VeriSign-Issued Digital Certificates!


  • Beware of spoofed VeriSign-Issued Digital Certificates!

    This is a nasty one! I usually check the certs but even that's no guarantee, like this case ...

    http://www.microsoft.com/technet/sec...n/MS01-017.asp

    "In mid-March 2001, VeriSign, Inc., advised Microsoft that on January 29 and 30, 2001, it issued two VeriSign Class 3 code-signing digital certificates to an individual who fraudulently claimed to be a Microsoft employee. The common name assigned to both certificates is “Microsoft Corporation”. The ability to sign executable content using keys that purport to belong to Microsoft would clearly be advantageous to an attacker who wished to convince users to allow the content to run. ..."
    The world just changed, Sep. 11, 2001

  • #2
    A fix is available @ windows update
    Fear, Makes Wise Men Foolish !
    incentivize transparent paradigms



    • #3
      or is it really a fix ?
      Fear, Makes Wise Men Foolish !
      incentivize transparent paradigms



      • #4
        Originally posted by Kosh Naranek:
        "A fix is available @ windows update"
        ... That's how I found out about the screw-up in the first place.

        The fix:
        "This update prevents the two erroneously signed certificates from being accepted as valid."
        That fixes the spoofed certs they caught; how many others are out there? One of the weaknesses of certs is that you have to trust the issuer.
        The world just changed, Sep. 11, 2001
