FYI: Microsoft digital certificate stolen 
Author Message
 FYI: Microsoft digital certificate stolen

Microsoft digital certificate stolen
http://www.*-*-*.com/ #BODY

--
Michael Harris
Microsoft.MVP.Scripting
--

Please do not email questions - post them to the newsgroup instead.
--



Thu, 11 Sep 2003 09:11:36 GMT  
 FYI: Microsoft digital certificate stolen
On Sat, 24 Mar 2001 17:11:36 -0800 in
microsoft.public.inetsdk.programming.scripting.VBScript, "Michael

Quote:
>http://www.msnbc.com/news/548228.asp#BODY

Not wishing to be picky ;-) but it wasn't actually "stolen" as it was
never Microsoft's in the first place. Verisign were stupid enough to
issue two certificates to an individual claiming to be from Microsoft,
without checking - needless to say, they weren't.

Anyone relatively savvy should be OK, as trust is on a
certificate-by-certificate basis, not based on a common name - thus,
even though code signed with the official MS certificates may be
trusted by default, an encounter with one of the fake certifcates will
prompt for confirmation of usage.

Basically - *DON'T* trust any certificate claiming to belong to MS
issued on January 29 or 30, 2001.

For more details:

MS Security Bulletin 01-017
http://www.microsoft.com/technet/security/bulletin/MS01-017.asp

MS Knowledge Base article Q293818: "Erroneous VeriSign-Issued Digital
Certificates Pose Spoofing Hazard"
http://support.microsoft.com/support/kb/articles/Q293/8/18.asp

Russ' post on the subject to NTBugTraq
http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0103&L=ntbugt...

For those interested in the more technical details of the problem,
there's a thread on BugTraq (http://www.securityfocus.com and follow
the links to BugTraq, archive, or simply cheat and go to
http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0103&L=ntbugt...
[apologies if that wrapped...])

hth
--
Adam D. Barratt

Please reply to the newsgroup rather than via e-mail



Thu, 11 Sep 2003 09:39:28 GMT  
 
 [ 2 post ] 

 Relevant Pages 

1. Where can I download Pascal?

2. Changing Dataset of DBChart

3. FYI: Microsoft digital certificate stolen

4. FYI: Microsoft digital certificate stolen

5. FYI: Microsoft digital certificate stolen

6. Digital Certificate

7. x.509 digital certificates and S/MIME

8. source avi

9. Digital Certificate & custom Outlook forms

10. digital certificate

11. Help: Digital Certificate (SelfCert.exe)

12. Problem with Digital Certificate

 

 
Powered by phpBB® Forum Software