Looking to spend a little bit of that tax return on some sweet online deals? The latest news from Microsoft should make you do a double take before entering your credit card data. There is anew report of a windows live digital certificate risk making the rounds. They are reporting that an unauthorized SSL certificate was issued for “live.fi” that could have been used to leverage man-in-the-middle attacks or even spoof official Microsoft announcements.
According to darkreading.com,
the good news is that there is no evidence that there were any attacks carried
out using this domain and Microsoft caught it in time. In a statement from
Microsoft, they had this to say:
"A certificate was improperly issued due to a
misconfigured privileged email account on the live.fi domain. An email account
was able to be registered for the live.fi domain using a privileged username,
which was subsequently used to request an unauthorized certificate for that
domain,"
All of this talk about a phony SSL sure brings up a good
question…
What Should I Trust
Online?
If someone can simply purchase an SSL Certificate and pose
as Microsoft, who is to say that any SSL site may not be a spoof of an actual
site?
Truth be told, I am lazy and always looking for a good deal.
Nine times out of ten, this leads me to shop online for what I am looking for. For
me, I usually only shop at retailers I know and trust because I am afraid of a
scam. That is where the problem lies though: how is a small business to survive
online if they are unknown?
For small and medium size retailers online there are a
couple of different routes that can be followed to gain consumer trust and
boost their business. Purchasing an SSL certificate is one way to go about
gaining confidence, the other would be to pair with a trusted payment
collection provider like PayPal.
PayPal is an eBay company and has the reputation of being a trusted source of
payment.
Personally I have been a PayPal member since its inception:
it is a great way to send secure digital payments to others, for either personal
or business transactions. This secure payment method has even trickled over to
larger retailers like Sears, Walmart, and Coach who all accept PayPal as a
method of payment on their retail websites.
Fraud
In the case of this windows live digital certificate risk,
there could have been a lot more damage done. Kudos to Microsoft for nipping
this in the bud before it could get out of hand. The vigilance of Microsoft and
others to keep a proactive mind set is something that is very refreshing to
see. For far too long, many companies have taken on a reactive approach to
almost all things cyber security related. However, there seems to be a gained
interest in protecting things first, before
the inevitable can happen.
Go forth and be proactive, HackerAttacker Nation! You can
lead this fight for front-line protection of your identity, funds, and future!
No comments:
Post a Comment