Prepare for an automatic Windows Update that will block the rogue SSL certificates that were issued by Comodo. In case you hadn’t heard, Comodo accidentally issued certificates that illicitly represent:
- login.live.com
- mail.google.com
- http://www.google.com
- login.yahoo.com (3 certificates)
- login.skype.com
- addons.mozilla.org
- “Global Trustee”
Yeah. Not good. Users could hit a web site claiming to be one of the above and the certificate would verify their authenticity as legitimate. This would enable them to capture those users authentication credentials and other information they enter in.
More details are posted here:
- Microsoft Security Advisory (2524375)
Fraudulent Digital Certificates Could Allow Spoofing
http://www.microsoft.com/technet/security/advisory/2524375.mspx
kurtsh
Kurt Shintaku's Blog 