Microsoft overhauls certificate management in response to Flame PKI hack
As part of its monthly 'Patch Tuesday' security updates for June, Microsoft announced changes in how Windows manages certificates. These changes include a new automatic updater tool for Windows 7 and Windows Vista that will flag stolen or known forged certificates. This shift will have a huge impact on companies and software vendors who use Microsoft's implementation of public key infrastructure as part of their authentication and software distribution, especially if they haven't followed best practices for certificates in the past.
The changes come on the heels of revelations about the recently discovered Flame malware, which used a rogue certificate authority that masqueraded as Microsoft in order to hijack the Windows Update mechanism. On June 8, Microsoft made changes to its Update service to prevent such attacks in the future. The changes announced on June 11 go even further, moving to blunt the use of stolen or forged certificates of any kind by malware writers and other attackers.
According to a post on the Microsoft Security Response Center blog by Microsoft Trustworthy Computing spokesperson Angela Gunn, the new certificate update tool will rely on a 'Disallowed Certificate Trust List' maintained by Microsoft. The tool will check the list daily, moving certificates found on the list to an 'untrusted' store. In the past, moving certificates to untrusted status required manually updating them.
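To see what has landed in the 'untrusted' store on a given machine, an administrator can audit it directly. The script below is an added example, not code from the article or from Microsoft; it assumes the standard Windows certificate provider paths (`Cert:\...\Disallowed` is the store shown as "Untrusted Certificates") and inspects only the local stores, not the Disallowed Certificate Trust List itself.

```powershell
# Added example: list certificates in the untrusted (Disallowed) stores and
# flag any that also still sit in a trusted store on this machine.
$disallowedStores = 'Cert:\LocalMachine\Disallowed', 'Cert:\CurrentUser\Disallowed'
$trustedStores    = 'Cert:\LocalMachine\Root', 'Cert:\LocalMachine\CA',
                    'Cert:\LocalMachine\TrustedPublisher',
                    'Cert:\CurrentUser\Root', 'Cert:\CurrentUser\CA',
                    'Cert:\CurrentUser\TrustedPublisher'

function Get-StoreCertificates {
    param([string[]]$Path)
    foreach ($p in $Path) {
        if (-not (Test-Path $p)) { continue }   # store may not exist for this user
        Get-ChildItem -Path $p |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] } |
            Select-Object @{n='Store'; e={$p}}, Thumbprint, Subject, Issuer, NotAfter
    }
}

$disallowed = @(Get-StoreCertificates -Path $disallowedStores)
$trusted    = @(Get-StoreCertificates -Path $trustedStores)

'{0} certificate(s) in the untrusted stores' -f $disallowed.Count
$disallowed | Sort-Object Store, Subject | Format-Table -AutoSize

# The same thumbprint in both an untrusted and a trusted store means a
# certificate was marked untrusted but never cleaned out of the trusted
# store; report it for review.
$blocked = @($disallowed | ForEach-Object { $_.Thumbprint } | Sort-Object -Unique)
$overlap = @($trusted | Where-Object { $blocked -contains $_.Thumbprint })

if ($overlap.Count -gt 0) {
    Write-Warning ('{0} untrusted certificate(s) also present in a trusted store:' -f $overlap.Count)
    $overlap | Format-Table Store, Thumbprint, Subject -AutoSize
} else {
    'No untrusted certificate is also present in a trusted store.'
}
```

Running it from a scheduled task and comparing the output over time shows when new entries arrive in the untrusted store.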