Billions of web users could be hit by internet certification compromise


Cliff Saran

Microsoft is warning that fraudulent certificates for Google, Microsoft Live, Mozilla (maker of Firefox) and Yahoo may be used to spoof content from popular web sites.

Certificates are used to tell the browser that the site is trusted. Microsoft is warning that fraudulent digital certificates were issued by the Comodo Certificate Authority. This could allow malicious spoofing of high-profile websites, including Google, Yahoo and Windows Live.

IT security and control firm Sophos says that this means an attacker could easily make a malicious web site masquerade as a known, trusted site to consumers.

According to Comodo, an account used for the approval of certificate requests was compromised at one of its trusted partners.

Comodo's incident report claims that only one certificate was seen live on the Internet.

However, Fraser Howard, principal threat researcher at Sophos, said: "Users on all platforms should ensure that they've got up-to-date certificate revocation data and appropriate browser settings. From a more long term perspective, let's hope this incident makes industry players audit, not only their own security systems and policies, but those of their trusted partners as well to protect browsers in the future."
