Flame Malware Signed By 'Rogue' Microsoft Cert, Once Again Highlights Problems With Relying On Certs

from the time-to-move-forward dept

We've discussed in the past just how dangerous our reliance on Certificate Authorities "signing" security certificates has become. This is a key part of the way we handle security online, and yet it's clearly subject to abuse. The latest such example: the now infamous Flame malware that targeted computer systems in the Middle East was signed by a "rogue" Microsoft certificate -- one which was supposed to be used for allowing employees to log into a remote system. Microsoft rushed out a security update over the weekend, but that doesn't change the core problem: relying so heavily on security certificates seems to be increasingly dangerous.

Filed Under: certificate authorities, flame, malware, middle east, security
Companies: microsoft


Reader Comments


  1. Ninja, 6 Jun 2012 @ 3:55am

    Re: Re: Re: Re: Re:

    Actually it's pretty clear he says we need to diversify our security measures to the point that if one fails we are not completely exposed. And he's 100% right. DNSSEC is one step to make things more secure. And if you are not just an annoying shill you'll actually admit that Mike is not an IT expert to develop a new solution to the problem. However, problems need to be addressed at some point. And to be addressed someone has to raise awareness of it. Mike is reporting and providing evidence that the problem needs to be addressed (as he later showed that it is happening in the comments).

    It's only FUD if you are too ignorant to understand what's happening. I see a problem with security certificates and I'm not panicking. I also see huge problems with our current financial system. And I'm not panicking. Neither should you.
