Microsoft warns of fake SSL certificate for Windows Live




Microsoft has warned of a fake SSL certificate that is useful for Finnish domain for Windows Live. Attackers could use the false certificate to establish a reliable man in the middle attack.

The erroneous certificate was issued for the domain that indeed owned by Microsoft for the Windows Live services on the software maker. According to Microsoft’s fake SSL certificate can not be used to generate other certificates or certifying code. However, an attacker can use the certificate, if he can intercept a user’s connection to a false website and serve as example intercept login information. The user can not see that what is going on, because the certificate is correct apparently.

Microsoft has its own certificate revocation list updated, so users of Internet Explorer and Chrome on Windows should no longer be affected. Firefox manages its own certificates, and Chrome on other operating systems; it is unclear whether the forged certificate is made inaccessible to those configurations. Microsoft says it has no evidence that an attack has taken place through the false certificate.


In: Technology & Gadgets Asked By: [15446 Red Star Level]

Answer this Question

You must be Logged In to post an Answer.

Not a member yet? Sign Up Now »