Mark Minasi's Reader Forum
 More fallout from Flame malware & forged MS Certs

JSCLMEDAVE
Administrator

USA
6116 Posts
Status: offline

Posted - 07/11/2012 :  12:17:30 PM
Doug posted this to his Pacific IT Pro list.

Pac IT Pros members:

More fallout from the Flame malware and forged Microsoft certificates. As a result, Microsoft is changing the way they handle certificates, which changes an optional update to a critical one that will be installed automatically as of today.

Additional details can be found at this link.

Microsoft Revokes Trust in 28 of Its Own Certificates | threatpost:
http://threatpost.com/en_us/blogs/microsoft-revokes-trust-28-its-own-certificates-071012

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Doug Spindler

Tim-

"This too shall pass"

Curt
Moderator

USA
6652 Posts
Status: offline

Posted - 07/11/2012 :  3:08:15 PM
This causes the latest "Patch Tuesday" to be really important.

With the Hash Collision costing between 200k and 2 MIL to execute, it shows that the money is there to gain valuable corporate and government data.

And we thought we were just doing our jobs.
Now we have become involved with a new kind of struggle.

I avoid Public sector because of this but there is a middle earth between public and private and security is that place.

Curt Spanburgh
Microsoft Certified Business Solution Specialist.
Dynamics CRM MVP
Contributing Editor, Windows IT Pro

He that is walking with wise persons will become wise, but he that is having dealings with the stupid ones will fare badly.
Proverbs 13:20



aval
Honorable But Hopeless Addict

USA
3276 Posts
Status: offline

Posted - 07/11/2012 :  6:06:39 PM
quote:
As a result, Microsoft is changing the way they handle certificates, which changes an optional update to a critical one that will be installed automatically as of today.


Perhaps necessary but isn't it unsettling that MS can install updates on your computers even when you select the "Let me know when updates are available but let me download and install them" option?

This happened to me and others, as I realized after furiously googling about this update that installed itself on a day I did not update any servers.

timberk
Major Contributor

USA
786 Posts
Status: offline

Posted - 07/12/2012 :  4:47:29 PM
MS Security Advisory (2728973) is mostly housekeeping. Those 28 certs aren't being exploited, as far as anyone knows.

Next month though (August 2012), they are going to dump support for RSA keys which are less than 1024 bits in length. This might cause problems:
http://blogs.technet.com/b/pki/archive/2012/06/12/rsa-keys-under-1024-bits-are-blocked.aspx

This could definitely be felt by IT folk.

~tb
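
An added example, not part of the original thread and not Microsoft's own tooling: a PowerShell inventory of the local certificate stores that reports every certificate whose RSA public key is shorter than the 1024-bit threshold mentioned in the post above. The function name `Get-ShortRsaCertificate` and its parameters are hypothetical; it assumes a Windows host where the `Cert:` drive is available.

```powershell
# Added example (not from the thread): list certificates with RSA keys
# below 1024 bits so they can be reissued before the block takes effect.
# Assumption: Windows host with the Cert: drive (certificate provider).

function Get-ShortRsaCertificate {
    [CmdletBinding()]
    param(
        # Store roots to walk; both are standard Cert: drive locations.
        [string[]] $StorePath = @('Cert:\LocalMachine', 'Cert:\CurrentUser'),
        # Keys strictly shorter than this many bits are reported.
        [int] $MinimumBits = 1024
    )

    $rsaOid = '1.2.840.113549.1.1.1'   # rsaEncryption

    foreach ($root in $StorePath) {
        Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] } |
            Where-Object { $_.PublicKey.Oid.Value -eq $rsaOid } |
            ForEach-Object {
                $cert = $_
                try {
                    $bits = $cert.PublicKey.Key.KeySize
                } catch {
                    # Very short or malformed keys may fail to load; flag them for manual review.
                    Write-Warning "Unreadable RSA key: $($cert.Thumbprint) ($($cert.Subject))"
                    return
                }
                if ($bits -lt $MinimumBits) {
                    [pscustomobject]@{
                        # Strip the provider prefix, leaving e.g. LocalMachine\My
                        Store      = $cert.PSParentPath -replace '^.*::', ''
                        KeyBits    = $bits
                        Subject    = $cert.Subject
                        Issuer     = $cert.Issuer
                        NotAfter   = $cert.NotAfter
                        Expired    = $cert.NotAfter -lt (Get-Date)
                        Thumbprint = $cert.Thumbprint
                    }
                }
            }
    }
}

# The same certificate can appear in more than one store; each hit is listed.
Get-ShortRsaCertificate | Sort-Object KeyBits, NotAfter | Format-Table -AutoSize
```

Certificates that show up here with `Expired` set to `False` are the ones still in use and worth tracing back to the issuing CA or application.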
Mark Minasi's Reader Forum © 2002-2011 Mark Minasi