Microsoft Certificate Was Used to Sign “Flame” Malware

Microsoft certification authority signing certificates added to the Untrusted Certificate Store

While these security issues are not Flame-specific, and could be used in other forms of unrelated malware, Microsoft was able to identify components of the Flame malware that had been signed with a certificate that ultimately chained up to the Microsoft Root Authority.

via Microsoft Certificate Was Used to Sign “Flame” Malware | SecurityWeek.Com.

Microsoft did not say what algorithm was exploited in order to generate the rogue certificates, though SecurityWeek did reach out to Microsoft for comment and we will update the story if a response is received.

Critics slam SSL authority for minting certificate for impersonating sites


Over the past year, security experts have proposed a variety of alternatives to the complex web of trust now used to manage the net’s ailing SSL system. Among them is the Convergence project devised by researcher Moxie Marlinspike. The system, which would have flagged counterfeit certificates used to snoop on some 300,000 Gmail users, has already won the qualified endorsement of security firm Qualys. Google, meanwhile, has said it has no plans to implement Convergence in its Chrome browser.