Security Tips & Talk

Tips about computer security, online safety, and privacy

Security advisory: Fraudulent digital certificates could allow spoofing

Security advisory: Fraudulent digital certificates could allow spoofing

  • Comments 6

Microsoft released a security advisory today warning about fraudulent digital certificates that could be used to spoof content, perform phishing attacks, or perform other exploits that could put you at risk.

The best way to protect yourself is to turn on Windows automatic updating.

What are digital certificates?

Digital certificates are used to verify the identity of a website.

We're releasing this advisory because Comodo, a major certification authority, informed Microsoft that several digital certificates have been issued without sufficiently validating their identity. These certificates could be used to spoof the identity of services and trick you into trusting them.

Comodo has revoked these certificates, and they are listed in Comodo's current Certificate Revocation List (CRL). If your computer is up to date, it will recognize that these certificates are invalid.

For more information:


 

 

Comments
  • I got a suspicious email supposedly from Hotmail live asking for my password, and other sensitive information. it says if i don't give it withing 2 weeks. i'll loose my account. is this real? i will not answer till i know more. but since there is no way to contact hotmail advisors, i am asking any of you.

  • @ elf McChristmas,

    Delete the email, that is a phishing email.

  • It's only true if you want it to be!

    What this means is if you want to fall for this scam by all means help yourself.

  • I continuously get them from my ISP and yet they tell me that their Certificate is up to date.  Not only do I get it with IE-9 but with Office Pro's 2010 Outlook.  Somethings screwy here it they are telling me they are up to date and Microsoft isn't picking it up.

  • Always check where it came from, elf.  And for the record with any known legit website, they should never ask for any sensitive info.  Everything you do on the Net is completely voluntary.  

  • That email you got is fake. Don't give them your password or any other information.

Page 1 of 1 (6 items)