News

Billions of web users could be hit by internet certification compromise

Cliff Saran

Microsoft is warning that fraudulent certificates for Google, Microsoft Live Yahoo, Mozilla (maker of Firefox) and Yahoo may be used to spoof content from popular web sites.

Certificates are used to tell the browser that the site is trusted. Microsoft is warning that fraudulent digital certificates were issued by the Comodo Certificate Authority. This could allow malicious spoofing of high profile websites, including Google, Yahoo and Windows Live.

IT security and control firm Sophos says that this means an attacker could easily masquerade a malicious web site to appear as a known, trusted site to consumers.

According to Comodo, an account used for the approval of certificate requests was compromised within one of their trusted partners.

Comodo's incident report claims that only one yahoo.com certificate was seen live on the Internet,

However, Fraser Howard, principle threat researcher at Sophos, said: "Users on all platforms should ensure that they've got up-to-date certificate revocation data and appropriate browser settings. From a more long term perspective, let's hope this incident makes industry players audit, not only their own security systems and policies, but those of their trusted partners as well to protect browsers in the future."


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy