| Author |
 Topic  |
|
|
BaftaBaby 
"Always entranced by cinema."
|
 Posted - 03/24/2011 : 07:54:03
|
Hi All
If, like me, you've chosen not to automate MicroSoft windows updates, here's the security advisory they're issuing yesterday/today. It may be relevant for you.
HelpfulBabe
quote:
Microsoft Security Advisory (2524375)
Fraudulent Digital Certificates Could Allow Spoofing
Published: March 23, 2011
Version: 1.0
General Information
Executive Summary
Microsoft is aware of nine fraudulent digital certificates issued by Comodo, a certification authority present in the Trusted Root Certification Authorities Store on all supported versions of Microsoft Windows. Comodo advised Microsoft on March 16, 2011 that nine certificates had been signed on behalf of a third party without sufficiently validating its identity. These certificates may be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against all Web browser users including users of Internet Explorer.
These certificates affect the following Web properties:
- login.live.com
- mail.google.com
- www.google.com
- login.yahoo.com (3 certificates)
- login.skype.com
- addons.mozilla.org
- "Global Trustee"
Comodo has revoked these certificates, and they are listed in Comodo�s current Certificate Revocation List (CRL). In addition, browsers which have enabled the Online Certificate Status Protocol (OCSP) will interactively validate these certificates and block them from being used.
|
|
|
benj clews 
"...."
|
Posted - 03/29/2011 : 14:13:59
|
Bit confused... what do site certificates have to do with windows updates? This just looks like a warning about trusting https urls for the listed sites.
I should stress that it's generally a good idea to have MS updates set to install automatically to ensure you're patched against security holes as soon as is computerly possible- the only downside is that sometimes you might find your PC rebooted in your absence! |
 |
|
|
BaftaBaby
"Always entranced by cinema."
|
Posted - 03/29/2011 : 14:42:18
|
quote:
Originally posted by benj clews
Bit confused... what do site certificates have to do with windows updates? This just looks like a warning about trusting https urls for the listed sites.
I should stress that it's generally a good idea to have MS updates set to install automatically to ensure you're patched against security holes as soon as is computerly possible- the only downside is that sometimes you might find your PC rebooted in your absence!
I received the pop-up MS windows update notice on my local machine with a ref number. When I clicked on it, I got the above. Since I use Comodo as my Firewall, I thought I'd better pay attention.
But thanks, benj, for the good advice about updating. I pretty nearly always do, but I just like to check if anything's particularly relevant to me.
|
|
|
|
Sean 
"Necrosphenisciform anthropophagist."
|
Posted - 03/29/2011 : 21:28:48
|
I always set mine to "notify me but do not automatically download". I always do them as soon as I've been notified, but like to keep control so if something screws up following an update I know where to look.
|
|
|
| |
Topic |
|
Fraudulent Digital Certificates Could Allow Spoofi
