Damaging Digital Certs -- Redmondmag.com

Barney's Blog

Damaging Digital Certs

Digital certificates are supposed to protect our security. But hackers have somehow managed to create nine bogus certificates that could be used to violate the very core of your network.

Even though hackers hacked into certs from the Comodo Group, Microsoft was the one who first brought the issue to light this week.

Maybe that's because the certs can be used to breech the defenses of Windows Live and Google. For some reason, Google didn't raise any major alarms.

The hack was made possible because a major jerk somehow managed to get the password and user name of a Comodo worker. The source of the hack appears to be Iran but the hacker(s) could have been spoofing the IP address.

Thankfully, no attacks have been thus far reported. But if that changes, the exploits could include phishing and other nefarious deeds.

Browser providers Google, Mozilla and Microsoft have all sent out patches.

Posted by Doug Barney on 03/25/2011 at 1:18 PM

Featured

Why Is Microsoft Support So Bad?

It's not just Azure, though Azure support is a big culprit. So what can Microsoft do to fix it, and why is the answer AI?
Microsoft Finds Multiple AI Models Susceptible to 'Skeleton Key' Attacks

Popular AI models like OpenAI's GPT and Google's Gemini are liable to forget their built-in safety training when fed malicious prompts using the "Skeleton Key" method.
IBM, Microsoft Shake on Cloud Security

Microsoft is extending the reach of its cloud security portfolio by inking yet another partnership with Big Blue's consulting arm.
Sensitivity Labels for Microsoft 365 Copilot, Part 1: Setup

Before you can exclude or protect certain data from Copilot, first you must label it correctly.
EU Regulators Probe Azure-Only Clause in Microsoft-OpenAI Deal

Antitrust watchdogs are not letting up on the Microsoft-OpenAI mega-partnership.