By Susan Bradley/Windows Secrets Newsletter
A little Dutch company potentially lets a flood of problems into our Windows machines.
The company manages digital certificates; after its recent break-in by hackers, security certificates for Mozilla, Yahoo, WordPress, and other sites are now suspect.
On a daily basis, no matter what our level of paranoia, we trust the companies we work with. … Well, at least our browsers and computers do. Inside all computers, both Windows and Mac, is a collection of digital certificates that everyone on the Net has agreed to trust. On Vista and Windows 7 systems, these root certificates are updated by the issuer automatically. But on Windows XP machines, they’re updated manually.
Companies doing business on the Internet buy certificates linked to a root certificate and automatically become part of the chain of trust. Because your computer trusts the vendor who provided the root certificate, it automatically trusts all online businesses with associated certificates.
This process is the foundation for secure Web transactions such as shopping on Amazon, online banking, and e-mail.
Many updates after breaks in the chain of trust
Typically, this system works well. But on the rare occasions it fails — when the chain of trust is broken — it can instantly affect thousands of PCs.
Such is the case with that small company in the Netherlands, DigiNotar. Reports from various sites indicate that hackers compromised the firm’s servers and generated rogue certificates. In a Kaspersky Lab Securelist blog, lab expert Roel speculates that as many as 200 rogue certificates were generated before the hack was discovered.
With a rogue certificate in place, a hacker can make your system think it’s using a legitimate, trusted certificate from well-known companies such as Google and Yahoo. The hacker can then intercept your Internet connection with the site you intended to use and redirect you to a fake site, where you are tricked into entering personal information such as your user name and password. Your computer still thinks it’s connected to a trusted site.
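One way to check whether a Windows machine still trusts DigiNotar after a break in the chain of trust like the one described above (an added example, not part of the original article): this PowerShell script lists certificates that name DigiNotar in the root and intermediate CA stores and reports whether each one also appears in the Disallowed (untrusted) store. The list of stores and the name match on "DigiNotar" are assumptions of this example.

```powershell
# Added example: audit the Windows certificate stores for DigiNotar certificates.
# Assumptions: the stores listed below and a name match on 'DigiNotar'.
$pattern     = 'DigiNotar'
$trustStores = 'Cert:\LocalMachine\Root', 'Cert:\LocalMachine\CA',
               'Cert:\CurrentUser\Root',  'Cert:\CurrentUser\CA'
$blockStores = 'Cert:\LocalMachine\Disallowed', 'Cert:\CurrentUser\Disallowed'

function Find-CertByName {
    param([string[]]$StorePath, [string]$Name)
    foreach ($store in $StorePath) {
        if (-not (Test-Path $store)) { continue }   # skip stores missing on this system
        Get-ChildItem -Path $store |
            Where-Object { $_.Subject -match $Name -or $_.Issuer -match $Name } |
            ForEach-Object {
                New-Object PSObject -Property @{
                    Store      = $store
                    Subject    = $_.Subject
                    Issuer     = $_.Issuer
                    Thumbprint = $_.Thumbprint
                    NotAfter   = $_.NotAfter
                }
            }
    }
}

# Certificates explicitly marked as untrusted on this machine.
$blocked            = @(Find-CertByName -StorePath $blockStores -Name $pattern)
$blockedThumbprints = @($blocked | ForEach-Object { $_.Thumbprint })

# Certificates sitting in stores that extend trust.
$trusted = @(Find-CertByName -StorePath $trustStores -Name $pattern)

$report = foreach ($cert in $trusted) {
    $state = if ($blockedThumbprints -contains $cert.Thumbprint) {
        'Also listed in Disallowed'
    } else {
        'TRUSTED and not blocked'
    }
    $cert | Add-Member -MemberType NoteProperty -Name State -Value $state -PassThru
}

if ($report) {
    $report | Format-Table Store, State, Thumbprint, NotAfter, Subject -AutoSize
} else {
    Write-Output "No certificates matching '$pattern' found in the trusted stores."
}
Write-Output ("Matching entries in Disallowed stores: {0}" -f $blocked.Count)
```

Any row reported as "TRUSTED and not blocked" means the machine would still accept certificates chaining to that entry.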
This post is excerpted with permission from Windows Secrets.