VeriSign signs two fake MSFT certificates

• Next message: Stephen D. Williams: "Re: The *real* Jim Whitehead"
• Previous message: Matt Jensen: "Re: martyrdom"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Microsoft just released a security advisory,

Erroneous VeriSign-Issued Digital Certificates Pose Spoofing Hazard
http://www.microsoft.com/technet/security/bulletin/MS01-017.asp

Someone convinced VeriSign he was a Microsoft employee, and got two
certificates with the name "Microsoft Corporation." Although VeriSign has
revoked the certificates, browsers are not set up to check the revocation
list! MS is working on a browser patch.

Bruce Schneier was right about the risks of PKI...
http://www.counterpane.com/pki-risks-ft.txt

-Matt Jensen
 NewsBlip.com
 Seattle

• Next message: Stephen D. Williams: "Re: The *real* Jim Whitehead"
• Previous message: Matt Jensen: "Re: martyrdom"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Fri Apr 27 2001 - 23:14:44 PDT