On WednesdayMicrosoft warnedof 9 false SSL certificates that were issued by a certification authority that would affect all versions of Windows which support the ‘Trusted Root Certification Authorities Store.’
The certificates were originally released by Comodo, a company that ironically specializes in Internet security. According to Microsoft the “nine certificates had been signed on behalf of a third-party without sufficiently validating its identity.”
In short, a Comodo affiliate called ‘RA’was compromisedand then used to issue the 9 certificates, which effect 7 domains. A Comodopost on the topiccalls the situation “politically motivated” and “state funded,” with a firm finger pointed at Iran. Comodo is in effect accusing a nation-state of attacking their affiliate to create fake SSL certificates.
These 9 certificates affect several websites, including all of the following:
Calling all Scaleup founders! Join the Soonicorn Summit on November 28 in Amsterdam.
Meet with the leaders of Picnic, Miro, Carbon Equity and more during this exclusive event dedicated to Scaleup Founders!
Three of the rogue certificates affect the login.yahoo.com URL. Comodo has revoked the certificates and has placed them on a list that will allow certain browsers to automatically protect themselves.
According to Microsoft the certificates could be used to “spoof content, perform phishing attacks, or perform man-in-the-middle attacks against all Web browser users including users of Internet Explorer.”
All Windows users who have updates automatically delivered to their computers will be sorted with no intervention required on their part.
If you are worried, you candownload an update from Microsoftdirectly that will protect you.
Story byAlex Wilhelm
Alex Wilhelm is a San Francisco-based writer. You can find Alex on Twitter, and on Facebook. You can reach Alex via email at alex@thenextweb(show all)Alex Wilhelm is a San Francisco-based writer. You can find Alex onTwitter,and onFacebook.You can reach Alex via email atalex@thenextweb.com
Get the TNW newsletter
Get the most important tech news in your inbox each week.
