403 Forbidden


nginx
403 Forbidden

403 Forbidden


nginx
Follow us:
403 Forbidden

403 Forbidden


nginx

Microsoft Pri0

Welcome to Microsoft Pri0: That's Microspeak for top priority, and that's the news and observations you'll find here from Seattle Times technology reporter Matt Day.

September 7, 2011 at 8:29 AM

Microsoft deems all DigiNotar certificates untrustworthy, releases updates

Microsoft has deemed all DigiNotar certificates to be untrustworthy and has created updates for supported versions of Windows that blocks access to website resources containing digital certificates issued by the Dutch company.

DigiNotar is a company that issues digital certificates guaranteeing the security of websites.

“Microsoft is aware of active attacks using at least one fraudulent digital certificate issued by DigiNotar,” Microsoft said in a security advisory. “A fraudulent certificate could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against all Web browser users including users of Internet Explorer. While this is not a vulnerability in a Microsoft product, this issue affects all supported releases of Microsoft Windows.”

Microsoft’s most recent update, issued Tuesday, moves all DigiNotar SSL (secure socket layer) certificates to Windows’ block list, dubbed the Untrusted Certificate Store, according to Computerworld. Microsoft’s Internet Explorer uses that list to bar the browser from reaching sites secured with dubious certificates.

Microsoft says all its customers and Windows supported third-party applications are protected.

The problem has been industry-wide. Google and Mozilla have also updated their browsers to block all DigiNotar certificates, while Apple has been silent on the issue, Computerworld says.

The DigiNotar hack attack came to light last week and is believed to have allowed the Iranian government to spy on thousands of Iranian citizens’ communications with Google email during the month of August, according to The Associated Press.

Meanwhile, another company that issues such certificates, GlobalSign, said Tuesday it is suspending issuing new certificates while it investigates whether it may have been targeted by hackers.

Comments

COMMENTS

No personal attacks or insults, no hate speech, no profanity. Please keep the conversation civil and help us moderate this thread by reporting any abuse. See our Commenting FAQ.



The opinions expressed in reader comments are those of the author only, and do not reflect the opinions of The Seattle Times.


403 Forbidden

403 Forbidden


nginx
403 Forbidden

403 Forbidden


nginx