by certifiedbug on March 23, 2011
in Microsoft
Microsoft Security Advisory (2524375)
Published: March 23, 2011
Microsoft is aware of nine fraudulent digital certificates issued by Comodo, a certification authority present in the Trusted Root Certification Authorities Store on all supported versions of Microsoft Windows. Comodo advised Microsoft on March 16, 2011 that nine certificates had been signed on behalf of a third party without sufficiently validating its identity. These certificates may be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against all Web browser users including users of Internet Explorer.
These certificates affect the following Web properties:
• login.live.com
• mail.google.com
• www.google.com
• login.yahoo.com (3 certificates)
• login.skype.com
• addons.mozilla.org
• “Global Trustee”
Comodo has revoked these certificates, and they are listed in Comodo’s current Certificate Revocation List (CRL). In addition, browsers which have enabled the Online Certificate Status Protocol (OCSP) will interactively validate these certificates and block them from being used.
“An update is available for all supported versions of Windows to help address this issue.”
http://www.microsoft.com/technet/security/advisory/2524375.mspx
http://blogs.comodo.com/it-security/data-security/the-recent-ca-compromise/
http://threatpost.com/en_us/blogs/phony-web-certificates-issued-google-yahoo-skype-others-032311
My email address was spoofed as sent from. Needless to say do not click on the unsubscribe link, this is where the spam came from:
Canadian Pharmacy with a Santa hat.
by certifiedbug on October 14, 2008
in Microsoft
Email spoofing basically is when someone forges the header information making the email appear to have originated from somewhere other than the real source.
One such spoof is doing the rounds falsely claiming to be from Steve Lipner at Microsoft urging recipients to install an attached update.
The email is not from Microsoft, the malicious attachment contains Backdoor:Win32/Haxdoor, and of course you should not open it.
The Microsoft Security Response Center (MSRC)
First and foremost, we never, ever, ever send attachments with our security notification e-mails. And, as a matter of company policy, Microsoft will never send you an executable attachment. If you get an e-mail that claims to be a security notification with an attachment, delete it. It is always a spoof. You can think of our security notification e-mails as a notification for you to go the security bulletin to get the updates from the link in the bulletin to the Microsoft Download Center http://www.microsoft.com/downloads. You should always get our security updates from the links in the bulletins or through our deployment tools such as Microsoft Update or Windows Update, Windows Software Update Services (WSUS) or Systems Center Configuration Manager.
Article: Microsoft Security E-mail Spoofs with Malware
