Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Blacklists Fake Finnish Certificate

Posted by timothy on from the so-that-would-be-a-veneer dept.

jones_supa writes Microsoft has issued a warning that a fraudulent SSL digital certificate has been issued in the name of a Finnish version of its Windows Live service. Although the company says it has revoked the certificate, security experts warn that older software may continue to "trust" the known bad certificate for months or even years, and that attackers could use it to trick users into running malware. "Microsoft is aware of an improperly issued SSL certificate for the domain 'live.fi' that could be used in attempts to spoof content, perform phishing attacks or perform man-in-the-middle attacks," Microsoft says in a March 16 security alert. "It cannot be used to issue other certificates, impersonate other domains or sign code. This issue affects all supported releases of Microsoft Windows. Microsoft is not currently aware of attacks related to this issue."

1 of 29 comments (clear)

  1. Re:not Finland. the guy on the phone is from India by rmdingler · · Score: 1, Funny

    It is positively Palinesque that he can tell from there.

    --
    Happiness in intelligent people is the rarest thing I know.

    Ernest Hemingway