Microsoft blacklists fraudulently issued SSL certificate
Microsoft released an update to blacklist an SSL certificate for one of its domain names that was issued to an unauthorized third party.
New cases of insecure HTTPS traffic interception are coming to light as researchers probe software programs for implementations that could enable malicious attacks. The latest software to open a man-in-the-middle hole on users' PCs is a new version of PrivDog, an advertising product with ties to security vendor Comodo.
It's generally accepted that antivirus programs provide a necessary protection layer, but organizations should audit such products before deploying them on their systems because many of them contain serious vulnerabilities, a researcher warned.
Tens of thousands of new digital certificates have been issued by Comodo in the wake of the "Heartbleed" security flaw, which has put Internet users' data at risk.
McAfee research indicates that a steep rise in the amount of malware signed with legitimate digital certificates -- not forged or stolen ones -- is a growing threat, raising the question of whether there should be some kind of "certificate reputation services" or other method to stop certificate abuse.