Information Security News mailing list archives
Re: Microsoft says beware of stolen certificates
From: InfoSec News <isn () C4I ORG>
Date: Fri, 23 Mar 2001 20:29:47 -0600
http://biz.yahoo.com/prnews/010323/sff029.html Friday March 23, 11:46 am Eastern Time Press Release SOURCE: ValiCert, Inc. ValiCert Provides Secure Electronic Commerce Solution for Environments With Revoked or False Digital Certificates What: Falsely issued or revoked digital certificates are one of the primary security issues that are inhibiting the full-scale deployment of e-Commerce. In light of the recent statements by Microsoft Inc. that two digital certificates have been mistakenly issued in their name, there is now concrete evidence that users must validate digital certificates before trusting them in order to safeguard their electronic activity, whether it be downloading applets, or engaging in high value e-Transactions. In situations such as this, the validation of digital certificates would provide a necessary step required to warn users before they place trust in the certificate, thus eliminating the threat before it does damage. ValiCert, Inc (Nasdaq: VLCT - news) made its name as a leading provider of Validation Authority(TM) (VA) solutions for digital certificates. ValiCert's solutions provide the proactive process for the effective validation of digital certificates, to detect revoked or false digital certificates before they cause harm. Without validation, ex-employees and short-term workers can use revoked certificates to access confidential systems, even after they have left the organization. ValiCert representatives are available to offer their expert industry perspective on how the use of ValiCert products allows for the safe engagement of e-Commerce transactions in light of falsely issued or revoked digital certificates. -----Original Message----- From: ISN Mailing List [mailto:ISN () SECURITYFOCUS COM]On Behalf Of InfoSec News Sent: Thursday, March 22, 2001 8:44 PM To: ISN () SECURITYFOCUS COM Subject: [ISN] Microsoft says beware of stolen certificates http://www.zdnet.com/zdnn/stories/news/0,4586,5079987,00.html?chkpt=zdhpnews 01 By Robert Lemos ZDNet News UPDATED March 22, 2001 3:46 PM PT Two digital certificates have been mistakenly issued in Microsoft's name that could be used by virus writers to fool people into running harmful programs, the software giant warned Thursday. According to Microsoft, someone posing as a Microsoft employee tricked VeriSign, which hands out so-called digital signatures, into issuing the two certificates in the software giant's name on Jan. 30 and Jan. 31. Such certificates are critical for businesses and consumers who download patches, updates and other pieces of software from the Internet, because they verify that the software is being supplied from a particular company, such as Microsoft. In this case, a person using the VeriSign-issued certificates could post a virus on the Web that would appear to be from Microsoft but could actually be used to wipe out a person's hard drive, for example. ISN is hosted by SecurityFocus.com --- To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".
Current thread:
- Microsoft says beware of stolen certificates InfoSec News (Mar 23)
- <Possible follow-ups>
- Re: Microsoft says beware of stolen certificates InfoSec News (Mar 23)