Microsoft has revoked more than two dozen digital certificates used to prove its wares are genuine after discovering some of them could be subject to the same types of attacks orchestrated by the designers of the Flame espionage malware.
Tuesday's revocation of 28 certificates is part of a much larger overhaul of Microsoft's cryptographic key management regimen that's designed to make it more resistant to abuse. The housecleaning follows last month's discovery that some of the company's trusted digital signatures were being abused to certify the validity of the Flame malware that has infected computers in Iran and other Middle Eastern Countries. By forging the cryptographic imprimatur used to certify the legitimacy of Windows updates, Flame was able to spread from one computer to another inside an infected network.
Like the intermediate certificate authorities that Flame abused to hijack the Windows Update mechanism, at least some of the certificates Microsoft moved into its Untrusted Certificate Store on Tuesday contained code-signing permissions. An advisory characterized the purge as a "pre-emptive cleanup" and said there's no evidence any of the certificates have been abused or compromised.
Read 9 remaining paragraphs | Comments
DIGITAL JUICE
No comments:
Post a Comment
Thank's!