Microsoft Revokes Trust in 28 of Its Own Certificates

Microsoft has not said exactly what the now-untrusted certificates were used for, but company officials said there were a total of 28 certificates affected by the move. Many of the affected certificates are listed simply as “Microsoft Online Svcs”. However, the company said that it was confident that none of them had been compromised or used maliciously. The move to revoke trust in these certificates is a direct result of the investigation into the Flame malware and how the attackers were able to forge a Microsoft certificate and then use it to impersonate a Windows Update server.

via Microsoft Revokes Trust in 28 of Its Own Certificates | threatpost.

Microsoft Certificate Was Used to Sign “Flame” Malware

Microsoft certification authority signing certificates added to the Untrusted Certificate Store

While these security issues are not Flame-specific, and could be used in other forms of unrelated malware, Microsoft was able to identify components of the Flame malware that had been signed with a certificate that ultimately chained up to the Microsoft Root Authority.

via Microsoft Certificate Was Used to Sign “Flame” Malware | SecurityWeek.Com.

Microsoft did not say what algorithm was exploited in order to generate the rogue certificates, though SecurityWeek did reach out to Microsoft for comment and we will update the story if a response is received.

Critics slam SSL authority for minting certificate for impersonating sites

Over the past year, security experts have proposed a variety of alternatives to the complex web of trust now used to manage the net’s ailing SSL system. Among them is the Convergence project devised by researcher Moxie Marlinspike. The system, which would have flagged counterfeit certificates used to snoop on some 300,000 Gmail users, has already won the qualified endorsement of security firm Qualys. Google, meanwhile, has said it has no plans to implement Convergence in its Chrome browser.