Microsoft is warning that fraudulent certificates for Google, Microsoft Live Yahoo, Mozilla (maker of Firefox) and Yahoo may be used to spoof content from popular web sites.
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
Certificates are used to tell the browser that the site is trusted. Microsoft is warning that fraudulent digital certificates were issued by the Comodo Certificate Authority. This could allow malicious spoofing of high profile websites, including Google, Yahoo and Windows Live.
IT security and control firm Sophos says that this means an attacker could easily masquerade a malicious web site to appear as a known, trusted site to consumers.
According to Comodo, an account used for the approval of certificate requests was compromised within one of their trusted partners.
Comodo's incident report claims that only one yahoo.com certificate was seen live on the Internet,
However, Fraser Howard, principle threat researcher at Sophos, said: "Users on all platforms should ensure that they've got up-to-date certificate revocation data and appropriate browser settings. From a more long term perspective, let's hope this incident makes industry players audit, not only their own security systems and policies, but those of their trusted partners as well to protect browsers in the future."