People using Internet Explorer and possibly other Windows applications could be at risk of attacks that abuse counterfeit encryption certificates recently discovered masquerading as legitimate credentials for Google, Yahoo, and possibly an unlimited number of other Internet properties.
A blog post published Tuesday by Google security engineer Adam Langley said the fraudulent transport layer security (TLS) certificates were issued by the National Informatics Centre (NIC) of India, an intermediate certificate authority that is trusted and overseen by India's Controller of Certifying Authorities (CCA). The CCA, in turn, is trusted by the Microsoft Root Store, a library that IE and many other Windows apps rely on to process the TLS certificates that banks, e-mail providers, and other online services use to encrypt traffic and prove their authenticity. (Firefox, Thunderbird, and Chrome on Windows aren't at risk.)
Microsoft has issued an emergency update for most supported versions of Windows to prevent attacks that abuse recently issued digital certificates impersonating Google and Yahoo. Company officials warned undiscovered fraudulent credentials for other domains may still be in the wild.
At the moment, there is no way for systems running Windows Server 2003 to revoke the fraudulent certificates.