Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Microsoft Security The Internet IT

Microsoft Revokes Trust In 28 of Its Own Certificates 78

Trailrunner7 writes "In the wake of the Flame malware attack, which involved the use of a fraudulent Microsoft digital certificate, the software giant has reviewed its certificates, found nearly 30 that aren't as secure as the company would like, and revoked them. Microsoft also released its new updater for certificates as a critical update for Windows Vista and later versions as part of today's July Patch Tuesday. Microsoft has not said exactly what the now-untrusted certificates were used for, but company officials said there were a total of 28 certificates affected by the move. However, the company said it was confident none of them had been compromised or used maliciously. The move to revoke trust in these certificates is a direct result of the investigation into the Flame malware and how the attackers were able to forge a Microsoft certificate and then use it to impersonate a Windows Update server."
This discussion has been archived. No new comments can be posted.

Microsoft Revokes Trust In 28 of Its Own Certificates

Comments Filter:
  • by Antipater ( 2053064 ) on Tuesday July 10, 2012 @04:57PM (#40607917)
    That's what you get when you leave valuable certificates near open flames.
    • Verisign last year and now Microsoft plus SSL encryption being picked apart nothing is really safe on the web anymore.
      • by X0563511 ( 793323 ) on Tuesday July 10, 2012 @05:08PM (#40608035) Homepage Journal

        plus SSL encryption being picked apart

        Only if system administrators fail at configuration. [ssllabs.com]

      • The web has never been safe......encryption is not 'safe'

        UK intelligence agencies take this approach.

        We learnt this from Bletchley Park ;)

      • by Anonymous Coward on Tuesday July 10, 2012 @05:50PM (#40608443)

        OT, but related (somewhat):

        > Verisign last year and now Microsoft plus SSL encryption being picked apart nothing is really safe on the web anymore.

        Yes, nothing works because M$ doesn't work, then computers as a rule don't work, too. Do people still have some minimal grasp of logic? Or is this a feeble attempt at creating FUD?

        BTW, am I supposed to buy a computer with a "secure boot" with keys from Verisign and M$?

        Let me say that bluntly: enemies of the USA will manage to get keys (at what price, I can only wonder) the next day, while Linux users will have to purchase M$ (copyrighted?) keys to put Linux on their own PCs (maybe).

        Again, secure boot is safe for who, really?

        • Re: (Score:3, Insightful)

          by symbolset ( 646467 ) *
          The purpose for secure boot is to protect the hardware from non-Windows operating systems. It's irony.
        • by mug funky ( 910186 ) on Tuesday July 10, 2012 @10:59PM (#40610637)

          the "enemies of the USA" did not create flame, nor compromise these certificates.

          you're looking for "USA and it's special friend" there. this is public knowledge now.

          • by Yvanhoe ( 564877 )
            Yes, ad a non-American I feel this way too. Considering that Flame seems to be a governmental virus too, presumably from USA, it asks the question : On the 28 certificates, how many were handled from Microsoft to the Flame writers through a secret deal or through classic corruption ?

            Nowadays, it sounds more and more reasonable to assume that Windows with any kind of auto updating is rootable by the CIA. I do not want that, and that will effectively force me to have a redundancy of computers. I doubt that
        • by sFurbo ( 1361249 )

          Linux users will have to purchase M$ (copyrighted?) keys to put Linux on their own PCs.

          They shouldn't be copyrightable, as they are not the result of creative work, but are random. Just like the HD-DVD code should not have been copyrightable. Whether "should" will have any effect on "are" is another problem.

          • It's not the public key, which is the part that is distributed, that is the part you need. You need the private key to sign the binaries so that UEFI can use the public key to verify them.

            As the name implies, the private key is kept private. You don't need to distribute it, just sign things with it. If the key holder is smart, they'll generate the key on a smart card and arrange matters such that it never leaves the smart card, and then lock it in a safe when they aren't signing binaries.

            Once the private ke

            • If the key holder is smart, they'll generate the key on a smart card and arrange matters such that it never leaves the smart card, and then lock it in a safe when they aren't signing binaries.

              Actually, keys like this are generated within certified hardware security modules (HSMs) which guarantee that the key will *never* leave the unit, not even if an administrator says it's ok. The HSM simply hasn't got the functionality. The HSM will be able to backup the keys in *encrypted* form to an external unit (possibly another HSM) or media. HSMs typically also has an array of anti-tamper protections such as embedding the chips in solid blocks of epoxy, vibration sensors, temperature sensors, accelerome

    • by SeaFox ( 739806 )

      Yup, looks like Microsoft really got burned on this one. Now their security clout is even more up in smoke.

  • good! (Score:4, Insightful)

    by X0563511 ( 793323 ) on Tuesday July 10, 2012 @05:05PM (#40608001) Homepage Journal

    I'm hardly a Microsoft fan, but good! They seem to be taking a proactive approach here.

    • I'm hardly a Microsoft fan, but good! They seem to be taking a proactive approach here.

      Yes, they're taking a proactive approach to push upgrades from XP.

      • Yes, they're taking a proactive approach to push upgrades from XP.

        Yeah, if only they would provide a download link [microsoft.com] for Windows XP and Server 2003 in a knowledge base article [microsoft.com] so that we could find it if we bothered to look for it!

    • I would hardly call it proactive, they have just discarded all the certs that would have been considered insecure a couple of years ago. A company that promotes "trusted computing" should have done this when they were found to be insecure.

      The proactive approach would be to upgrade all certs to 2048 bits so they will be as good as current best standardized strength*. This is just removing those that they would consider insecure MD5 and less than 1024 bits. This is bear minimum to try and mitigate the damage.

    • Having had to support Microsoft junk for over 15 years, the cynic in me screams that this was a reactive approach.

    • Certificates, what could possibly go wrong?

      "I'm Spartacus."

      "No, I'm Spartacus!"

      "No, I'm Spartacus!!1!1!111!!"

  • by thoughtsatthemoment ( 1687848 ) on Tuesday July 10, 2012 @05:11PM (#40608067) Journal
    If they were able to fake a Windows update server, it'd have to to be as effective as an inside job.
  • Didn't the whole attack hinge on a hash collision of an algorithm that's thought to be probably insecure and obsolete for years? (md5).. That, and it was implemented weakly in the first place?

    So when are we going to see md5 replaced by a more secure method? (sha1?)

    • Re: (Score:3, Informative)

      by cryptizard ( 2629853 )
      Thats the whole point of this, they replaced old certificates with new ones that don't use MD5.
  • by darkpixel2k ( 623900 ) on Tuesday July 10, 2012 @05:36PM (#40608309)

    Microsoft Revokes Trust In 28 of Its Own Certificates

    Old news. I revoked my trust in Microsoft over a decade ago...

  • Not used maliciously (Score:5, Interesting)

    by bhlowe ( 1803290 ) on Tuesday July 10, 2012 @05:42PM (#40608375)
    The centrifuge operators in Iran may beg to differ..
  • Then they would be on to something.

  • by Anonymous Coward

    XP (and early) users beware!

  • by k(wi)r(kipedia) ( 2648849 ) on Tuesday July 10, 2012 @06:36PM (#40608857)

    if, a few years into the future, somebody dusts off an old copy of Windows Vista/7 and runs an update. Will that version of Vista/7 still update? Will it still work?

    I'm asking because of this whole business with certificate revocation. Obviously, to revoke a certificate "successfully" without inconveniencing users, you have to update users' systems to the new certificate using the old one. This has obvious consequences for the maintainance of Secure Boot-enabled systems.

    • if, a few years into the future, somebody dusts off an old copy of Windows Vista/7 and runs an update. Will that version of Vista/7 still update? Will it still work?

      Depends, will there still be an active activation server?

      • Forgot about that one.

        Secure Boot appears to be an attempt to impose a Microsoft solution to a security problem. Secure Boot would be perfect for Windows systems because such systems would be EOL'd anyway if Microsoft goes belly up.

        But for FLOSS users it would only complicate the maintainance and upgrade paths, even if they decide to use Ubundora's "solutions". There's a chance that a working system would stop working because the boot certificate was revoked.

  • Microsoft also released its new updater for certificates as a critical update for Windows Vista and later versions as part of today's July Patch Tuesday. ... and how the attackers were able to forge a Microsoft certificate and then use it to impersonate a Windows Update server."

    So, to protect users from potentially trusting a fake Windows Update server, Microsoft is releasing this update through a Windows Update server, which potentially could be fake? I suppose that if your computer already trusts a fake server, it is too late. However, I wish Microsoft would go back to providing downloadable updates that didn't depend on Windows Update.

    • So, to protect users from potentially trusting a fake Windows Update server, Microsoft is releasing this update through a Windows Update server, which potentially could be fake? I suppose that if your computer already trusts a fake server, it is too late

      This is not a fix for machines already pwned. It is a precautionary step to foil copycats (or the original attacker returning with a new kit). If a machine gets this update it will be immunized to attacks using these certs. You are correct that if a machine is already pwned or on a net with a fake WU server, that WU server could block this update to remain in the loop. This was never billed as a solution for that problem, however. If you suspect that your machine is pwned though a sophisticated attack like

      • This is not a fix for machines already pwned. It is a precautionary step to foil copycats

        I figured as much. I just thought the loop was funny...

        Microsoft releases all updates as separately downloadable packages.

        I see that this patch does offer an executable download. However, not all patches are available as executables. I'm not on the machine now. So I'm not sure of the patch numbers. However, I have a Vista machine that has 2 security updates, from May, permanently stuck in an install loop. They successfully install about every 10 minutes. I tried several solutions. Microsoft has a FixIt application that told me Windows Update needed to be repaired. It clai

  • by chebucto ( 992517 ) on Tuesday July 10, 2012 @11:14PM (#40610697) Homepage

    I've been away from /. for awhile, so seeing the MS corporate logo in place of the familiar Gates-Borg icon came as a bit of a shock.

    When did our dear leaders get rid it? What possible reason, aside from a desire to be more bland, could they have?

    • by Alioth ( 221270 )

      Well, they ought to have updated it to be a picture of a flying chair instead.

      • Well, they ought to have updated it to be a picture of a flying chair instead.

        That'd be good. Even better, maybe, would be a flying chair coming off of a sinking Titanic (rearrange the chairs? I'll rearrange the funking chairs!).

  • also certified by the NSA. Just like the old ones.
  • If they're doing this because of that Flame thingy, how is this going to affect how I play Angry Birds?!?!?!
  • "found nearly 30"
    "found 28"

    One of those is more concise, more informative and doesn't attempt to exaggerate by increasing the first digit (which people pay the most attention to) for no reason.

Real programmers don't bring brown-bag lunches. If the vending machine doesn't sell it, they don't eat it. Vending machines don't sell quiche.

Working...