Flame Malware Signed By 'Rogue' Microsoft Cert, Once Again Highlights Problems With Relying On Certs

from the time-to-move-forward dept

We've discussed in the past just how dangerous our reliance on Certificate Authorities "signing" security certificates has become. This is a key part of the way we handle security online, and yet it's clearly subject to abuse. The latest such example: the now infamous Flame malware that targeted computer systems in the Middle East was signed by a "rogue" Microsoft certificate -- one which was supposed to be used for allowing employees to log into a remote system. Microsoft rushed out a security update over the weekend, but that doesn't change the core problem: the whole setup of relying so heavily on secure certificates seems to be increasingly dangerous.

Filed Under: certificate authorities, flame, malware, middle east, security
Companies: microsoft

Reader Comments

Subscribe: RSS

View by: Time | Thread

  1. identicon
    Wally, 4 Jun 2012 @ 10:14pm

    Screw IE

    It has been no secret that Microsft Internet Explorer is still the most lousy web browser as far as security is concerned. I know nothing of security certificates, but I know they are rather important. All I know is I avoid using IE like the plague. I once had a mobile (Thumbdrive) version of FireFox just so I would have an alternative at college. FireFox, Chrome and Opera are far better at verifying rogue certificates. FireFox is the best at it, Chrome a close second.
    There are three things to keep your computer secured.
    1: use a wireless router as your physical firewall. Use Microsoft's DEP and Built in Firewall. Vista Users have the added bonus of User Account Control being on by default....which identifies whether or not you were the one who just double clicked on the link to a program.

    2. The best Malware/Antivirus Software is currently available for free. Microsoft Security Essentials will pick up viruses on virtual hard disks made by my Macintosh emulator. It treats all VMware hard disks as a volume. You can set the amount of CPU power consumption by it running in the background to 10%.

    3. To clear your browser cache and to have a registry error check and fix, CCleaner works very well.

    After all this, just avoid using Internet Explorer altogether.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here

Subscribe to the Techdirt Daily newsletter

Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Special Affiliate Offer

Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Report this ad  |  Hide Techdirt ads
Recent Stories
Report this ad  |  Hide Techdirt ads


Email This

This feature is only available to registered users. Register or sign in to use it.