POLALA.COM
welcome to my space
X
Web Design | Video Games | RVs | Religion | Management | Supplements and Vitamins | Software | Basketball | Related articles
Search:  
Welcome to:polala.com
 HOME   Microsoft Creates Patch for Digital Certificate Holes

Microsoft Creates Patch for Digital Certificate Holes

Published by: jack 2009-01-08

One week after Microsoft Corp. said two false digital certificates were issued in its name by VeriSign Inc., the software giant has patched the security holes.

Consortio Services Blog::
Find out more about Trust Digital at trustdigital.com. In the news, we discuss a kaleidoscope of a patch from Microsoft, social networking for G Men,
http://www.consortioservices.com/blog/HOME
Consumers who check the company's security bulletin will find the cure here.

VeriSign mistakenly issued two Class 3 certificates to an employee claiming to be a Microsoft employee in late January. The certificates could be used to sign programs, ActiveX controls, Office macros and other executable content. Microsoft said Windows 95, Windows 98, Windows Me, Windows NT 4.0 and Windows 2000 are affected by the vulnerability.

A digital certificate is used to sign off, so to speak, on electronic documents, such as contracts, Web sites and code. Certificates verifiy that an author has signed the document. Unfortunately for Microsoft, the certificates are part of its software verification scheme.

"Of these, signed ActiveX controls and Office macros would pose the greatest risk, because the attack scenarios involving them would be the most straightforward," Microsoft said in the security bulletin. "Both ActiveX controls and Word documents can be delivered via either Web pages or HTML mails. ActiveX controls can be automatically invoked via script, and Word documents can be automatically opened via script unless the user has applied the Office Document Open Confirmation Tool."

Theoretically, a hacker could trigger a Trojan horse or some form of executable virus and make it look as though Microsoft was the perpetrator.

Malicious Mobile Code: Virus Protection for Windows: Chapter 11 ::
When you download signed code and its digital certificate, Internet Explorer .. Microsoft released a patch in December 2000 to close the hole.
http://oreilly.com/catalog/malmobcode/chapter/ch11.htmlHOME
@Macarlo Networks, Incorporated - Online since 1997::
Apple releases patch for Mac OS X The Mac maker plugs security holes in The Mac OS X update highlights the different tacks Apple and Microsoft have
http://macarlo.com/macos.htmHOME
VeriSign VP Mahi deSilva took some responsibility last week for the problem, saying that an employee had not followed the company's established procedures. VeriSign has since revoked the certificates and listed them in its current Certificate Revocation List (CRL), but VeriSign's code-signing certificates don't specify a CRL Distribution Point (CDP). Accordingly, it was not possible for a browser's CRL-checking mechanism to download the VeriSign CRL and use it.

For best possible use of the patch, Microsoft strongly recommends that customers use Internet Explorer 5 or later before installing the update. The update will be included in Windows XP Gold and Windows 2000 Service Pack 2, as well as in Internet Explorer 6.

While Microsoft has scurried to rectify the breach, the fraudulent certificates come at an inconvenient time for the firm, which is preaching security and privacy in light of several questions raised by its pending software-as-a-service strategy HailStorm.

Most of what the public knows as HailStorm is based on Passport and is geared to provide both privacy and security protection and personalization services across all sites that implement it. It will enable consumers to have a single sign-on to all .Net-based sites and to create preferences.

Still, Gartner Group has said that VeriSign should bear the brunt of responsibility and must act on it by undertaking a security audit to ensure that other fraudulent certificates have not been issued under other trusted names, as well as provide proof that it has rectified the deficiencies that led to this problem. The research firm went so far as to suggest that enterprises remove the VeriSign Commercial Software Publishers CA certificate from the Trusted Root Store in all browsers if VeriSign does not take these actions by May.


Where's The Advantage In Windows Genuine Advantage?
Stocks Bounce After S&P Joins Bear Market

You are looking at:polala.com's Microsoft Creates Patch for Digital Certificate Holes, click polala.com to home
  • rebel xt is my first camera not just slr lots of pics
  • tips for action photography
  • b w photo with some coloured elements
  • ef vs ef s
  • digital camera with continuous flash strobe effect
  • what do the various nikkor letters mean
  • doubt about dslr
  • lumix dcm fz30 vs canon eos 400d
  • ok camera and nice lens
  • passport photography help
  • my introduction
  • photoshop 5 5 and raw
  • dslr sony alpha 100

  • choosing first
  • canon speedlite automatic flash strobe model 155a
  • first camera which should i get minolta maxxum 35mm vs canon t70
  • digital slr camera for product photography
  • copyright legal question
  • lights
  • d70 vs d50
  • d50 memory
  • help with my evolt e500
  • which camera wolud be better do you think
  • priting question
  • how do i shoot green against blue
  • looking for sub 500 camera fuji s5200
  • shelf life of film
    • #If you have any other info about this subject , Please add it free.#
    Your name:
    E-mail:
    Telphone:

    Your comments:


    If you have any other info about Microsoft Creates Patch for Digital Certificate Holes , Please add it free.
    About us |Contact us |Advertisement |Site map |Exchange links
    Copyright© 2008polala.com All Rights Reserved