FYI: Microsoft digital certificate stolen 
Author Message
 FYI: Microsoft digital certificate stolen

Microsoft digital certificate stolen
http://www.*-*-*.com/ #BODY

--
Michael Harris
Microsoft.MVP.Scripting
--

Please do not email questions - post them to the newsgroup instead.
--



Thu, 11 Sep 2003 09:11:08 GMT  
 FYI: Microsoft digital certificate stolen
On Sat, 24 Mar 2001 17:11:08 -0800 in
microsoft.public.scripting.VBScript, "Michael Harris"

Quote:

>Microsoft digital certificate stolen
>http://www.msnbc.com/news/548228.asp#BODY

Not wishing to be picky ;-) but it wasn't actually "stolen" as it was
never Microsoft's in the first place. Verisign were stupid enough to
issue two certificates to an individual claiming to be from Microsoft,
without checking - needless to say, they weren't.

Anyone relatively savvy should be OK, as trust is on a
certificate-by-certificate basis, not based on a common name - thus,
even though code signed with the official MS certificates may be
trusted by default, an encounter with one of the fake certifcates will
prompt for confirmation of usage.

Basically - *DON'T* trust any certificate claiming to belong to MS
issued on January 29 or 30, 2001.

For more details:

MS Security Bulletin 01-017
http://www.microsoft.com/technet/security/bulletin/MS01-017.asp

MS Knowledge Base article Q293818: "Erroneous VeriSign-Issued Digital
Certificates Pose Spoofing Hazard"
http://support.microsoft.com/support/kb/articles/Q293/8/18.asp

Russ' post on the subject to NTBugTraq
http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0103&L=ntbugt...

For those interested in the more technical details of the problem,
there's a thread on BugTraq (http://www.securityfocus.com and follow
the links to BugTraq, archive, or simply cheat and go to
http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0103&L=ntbugt...
[apologies if that wrapped...])

hth
--
Adam D. Barratt

Please reply to the newsgroup rather than via e-mail



Thu, 11 Sep 2003 09:42:09 GMT  
 FYI: Microsoft digital certificate stolen
Michael Harris schrieb:

Quote:

> Microsoft digital certificate stolen
> http://www.msnbc.com/news/548228.asp#BODY

McAfee's VirusScan and Symantec's NAV are able to detect them:
http://www.sarc.com/avcenter/venc/data/invalid.certificate.html
http://vil.nai.com/villib/dispvirus.asp?virus_k=99058

Regards,
Axel Pettinger



Thu, 11 Sep 2003 15:51:53 GMT  
 FYI: Microsoft digital certificate stolen


Fri, 19 Jun 1992 00:00:00 GMT  
 FYI: Microsoft digital certificate stolen
hi,

VeriSign, Inc, discovered through its routine fraud screening procedures
that on 29 and 30 January 2001, it issued two digital certificates to an
individual who fraudulently claimed to be a representative of Microsoft
Corporation. VeriSign immediately revoked the certificates.

The two certificates were issued on 29 and 30 January 2001, respectively. No
bona fide Microsoft certificates were issued on these dates. The offending
certificates are:

Certificate 1:

  a.. Issued by VeriSign Commercial Software Publishers CA
  b.. Validity period is 1/29/2001 to 1/30/2002
  c.. Serial number is 1B51 90F7 3724 399C 9254 CD42 4637 996A
Certificate 2:

  a.. Issued by VeriSign Commercial Software Publishers CA
  b.. Validity period is 1/30/2001 to 1/31/2002
  c.. Serial number is 750E 40FF 97F0 47ED F556 C708 4EB1 ABFD
All I wonder why Microsoft has just released this notification which says
that this issue will be solved SHORTLY and the patch will be announced !!
You have time guys do not hurry this much :))


Quote:
> Microsoft digital certificate stolen
> http://www.msnbc.com/news/548228.asp#BODY

> --
> Michael Harris
> Microsoft.MVP.Scripting
> --

> Please do not email questions - post them to the newsgroup instead.
> --



Fri, 12 Sep 2003 19:50:46 GMT  
 
 [ 5 post ] 

 Relevant Pages 

1. FYI: Microsoft digital certificate stolen

2. FYI: Microsoft digital certificate stolen

3. FYI: Microsoft digital certificate stolen

4. Digital Certificate

5. x.509 digital certificates and S/MIME

6. Digital Certificate & custom Outlook forms

7. digital certificate

8. Help: Digital Certificate (SelfCert.exe)

9. Problem with Digital Certificate

10. BUG with Digital Certificates in Office XP?

11. Need to bypass digital certificate for my personal VBA project

12. Setting Digital Signature Signing Certificate programmatically

 

 
Powered by phpBB® Forum Software