Flame Malware Signed By 'Rogue' Microsoft Cert, Once Again Highlights Problems With Relying On Certs

from the time-to-move-forward dept

We've discussed in the past just how dangerous our reliance on Certificate Authorities "signing" security certificates has become. This is a key part of the way we handle security online, and yet it's clearly subject to abuse. The latest such example: the now infamous Flame malware that targeted computer systems in the Middle East was signed by a "rogue" Microsoft certificate -- one which was supposed to be used for allowing employees to log into a remote system. Microsoft rushed out a security update over the weekend, but that doesn't change the core problem: the whole setup of relying so heavily on secure certificates seems to be increasingly dangerous.

Filed Under: certificate authorities, flame, malware, middle east, security
Companies: microsoft

Reader Comments

  1.
    Some Other AC (profile), 5 Jun 2012 @ 6:21am

    Re: Screw IE

    While I agree with most of your post, there are occasions where, for whatever reason, a Web application is coded to only work properly with a specific Browser version. This can be based on a number of factors, so I will not attempt to debate them all. As for the reference to Vista, Windows 7 also has the UAC enabled by default in most systems. Believe me, as a former internal IT staff member where I work, the number of complaints about the manner of notification with UAC in Win7 by default was huge.
    Best bet for increasing overall security on Systems, regardless of OS version used, is Education and multiple layers of security. Anti-virus programs (updated regularly), Firewalls (both Software and Hardware based), regular updating of OS and applications, and a good dose of basic education will lead to a more secure computing environment for most people who don't have access to Enterprise levels of cash to spend on expensive options.
