diTii.com Digital News Hub

Sign up with your email address to be the first to know about latest news and more.

I agree to have my personal information transfered to MailChimp (more information)


Microsoft Preparing to Deliver SSL Certificate Update for Windows Phone Devices

Microsoft set to release security update for Windows Phone 7 to block SSL certificates, that may potentially hamper users of the WP devices. Microsoft had previously warned of the following sites that appear to exist fraudulently:

login.yahoo.com (3 certificates)
Global Trustee

While it’s currently unclear how Microsoft intends to distribute the patches for their handsets, it’s possible that they’ll use the ‘over-the-air’ update system, as opposed to a major firmware update. Microsoft’s Trustworthy Computing manager, Bruce Cowper, had this to say:

Fraudulent digital certificates are not a Microsoft security vulnerability. We have been working to develop a mitigation update for Windows Phones.

Interestingly, Comodo themselves appear to believe that the attacks could be politically-motivated, or state-driven. Melih Abdulhayoglu, Comodo’s founder, had this to say about the attacks:

First time we’re seeing a “state funded” attack against the “Authentication” infrastructure. The Threat Model is changing and Comodo had already initiated a proposal for new standards in 2010 which would help mitigate some of these attacks. We’ll make sure to double our efforts in getting industry wide acceptance to these much needed standards so that we can continue to defend our security and freedom.

Share This Story, Choose Your Platform!

Get Latest News

Subscribe to Digital News Hub

Get our daily newsletter about the latest news in the industry.
First Name
Last Name
Email address
Secure and Spam free...