by Mike Masnick
Mon, Jun 4th 2012 7:37pm
We've discussed in the past just how dangerous our reliance on Certificate Authorities "signing" security certificates has become. This is a key part of the way we handle security online, and yet it's clearly subject to abuse. The latest such example: the now infamous Flame malware that targeted computer systems in the Middle East was signed by a "rogue" Microsoft certificate -- one which was supposed to be used for allowing employees to log into a remote system. Microsoft rushed out a security update over the weekend, but that doesn't change the core problem: the whole setup of relying so heavily on secure certificates seems to be increasingly dangerous.
If you liked this post, you may also be interested in...
- If Virginia Elections Weren't Hacked, It's Only Because No One Tried
- Netflix Moving To Encrypted Streams, As Mozilla Moves To Deprecate Unencrypted Web Pages As Insecure
- Modders Un-Region-Restricting Halo Online Undeterred By Microsoft DMCA
- Security Audit Of TrueCrypt Doesn't Find Any Backdoors -- But What Will Happen To TrueCrypt?
- Microsoft Steps In To Clean Up Lenovo's Superfish Mess -- While Lenovo Stumbles And Superfish Remains Silent