This is prob. offtopic, but this IS real, and I thought this should reach everyone....it's potentially very bad.

cheers, Jeremy Coulter

FYI........

* WARNING - Microsoft Digital Certificates Compromised.

Someone posing as being from Microsoft has gotten hold of a pair of digital certificates. This is ugly. Why? These actually can be used to make someone believe they are downloading genuine Microsoft code while in reality they might install a malignant piece of code. The alert that MS sent out regarding this warns the problem covers all the existing versions of Windows. Not good.

Let me quote Russ Cooper, Surgeon General of TruSecure Corporation and NTBugtraq Editor: "Verisign has royally screwed up. Verisign managed to issue a Class 3 Digital Certificate, a Certificate which is used for code-signing of things like ActiveX controls, Macros, applications, etc... to someone who purported to be from Microsoft Corporation." The black hat seems to have used some social engineering to pull the wool over Verisign's eyes.

A digital certificate, when your box gets presented with one, shows you a prompt that explains how these certificates work, and asks you to trust it. Now, if you get presented with a Microsoft cert, either via HTML or email, you have to check the date! If it has a date of Jan 30 or Jan 31, 2001, you cannot trust it and should not download the presented code. No real MS certs were issued on these dates. The bogus Cert will NOT be trusted automatically by your system, so that is positive. But the fact you need to check the date (which users very likely will not do) is definitely the liability here.

Microsoft is working on a solution but that is not here yet. I think you should plan to patch all the systems you are managing in the next few weeks. It's also not clear who the Black Hats are that pulled this off, so we do not know what nastiness to expect: a virus, worm, trojans, your hard disk trashed or other exploits.
Quite a few people in Microsoft are actually pretty pissed off. They stated there has to be some kind of revocation mechanism in place to correct this kind of thing. But it ain't working right at the moment, as the URL for the CRL (Certificate Revocation List) is not filled out in the certificates. You may need to install a CRL on every box yourself, or get code from MS that makes Explorer look at the MS CRL. I'll let you know more when I know more.

http://www.microsoft.com/technet/security/bulletin/MS01-017.asp

Microsoft Knowledge Base articles Q293817 and Q293819 also appeared.

Jeremy Coulter (Manager)
Visual Software Solutions
Christchurch, New Zealand
PH 03-3521595
FAX 03-3521596
MOBILE 021-2533214
www.vss.co.nz
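
The date check the warning asks users to do by hand can be scripted across a folder of signed files. The following PowerShell is an added example, not part of the original message or of Microsoft's bulletin; the default scan folder and the list of file extensions are assumptions. It also reports whether each flagged certificate carries a CRL URL, which is the gap in revocation the message describes.

```powershell
# Added example: flag Authenticode-signed files whose signer certificate
# claims to be Microsoft and was issued on the dates named in the warning.
param(
    [string]$Path = "$env:USERPROFILE\Downloads"   # assumed folder to scan
)

$suspectDates = @('2001-01-30', '2001-01-31')      # issue dates given in the warning
$cdpOid       = '2.5.29.31'                        # X.509 CRL Distribution Points extension

Get-ChildItem -Path $Path -Recurse -File -Include *.exe, *.dll, *.ocx, *.cab -ErrorAction SilentlyContinue |
ForEach-Object {
    $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName
    $cert = $sig.SignerCertificate
    if ($null -eq $cert) { return }                # unsigned file, nothing to check

    # The subject is only a claim made by the certificate; the issue date is
    # what separates the bogus pair from genuine Microsoft certificates.
    $claimsMicrosoft = $cert.Subject -match 'Microsoft Corporation'
    # NotBefore is returned in local time; compare on the UTC calendar date.
    $issuedOn = $cert.NotBefore.ToUniversalTime().ToString('yyyy-MM-dd')
    # True when the certificate names a CRL location that clients can query.
    $hasCrlUrl = [bool]($cert.Extensions | Where-Object { $_.Oid.Value -eq $cdpOid })

    if ($claimsMicrosoft -and ($suspectDates -contains $issuedOn)) {
        [pscustomobject]@{
            File      = $_.FullName
            Subject   = $cert.Subject
            Issuer    = $cert.Issuer
            ValidFrom = $issuedOn
            HasCrlUrl = $hasCrlUrl
            Status    = $sig.Status                # Windows' own verdict on the signature
        }
    }
}
```

Any row it prints is a file to quarantine and review; a `HasCrlUrl` value of `False` means the certificate itself gives clients no CRL location to consult.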