
Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7
reply to OZO

Re: Emergency Bulletin: Unauthorized Certificate used in "F

said by OZO:

Thanks. At this point I'm more interested in finding out when and how those certificates were installed on my computers (if they were at all) and how it's even possible, rather than in promptly removing those 3 certs. It's mostly for a future security of my computers. To make sure that it will not happen again tomorrow... That's more important than anything else now.

OZ I think you will like this info..and there is a manual patch method given

»isc.sans.edu/diary/Microsoft+Eme···e+/13366
--
Gladiator Security Forum
»www.gladiator-antivirus.com/

OZO
Premium
join:2003-01-17
kudos:2
Thanks for the link. From that link I found this article - Microsoft certification authority signing certificates added to the Untrusted Certificate Store. And finally the article mentions 3 rogue certificates:
Certificate - Microsoft Enforced Licensing Intermediate PCA
Issued by  - Microsoft Root Authority
Thumbprint - 2a 83 e9 02 05 91 a5 5f c6 dd ad 3f b1 02 79 4c 52 b2 4e 70
 
Certificate - Microsoft Enforced Licensing Intermediate PCA
Issued by  - Microsoft Root Authority
Thumbprint - 3a 85 00 44 d8 a1 95 cd 40 1a 68 0c 01 2c b0 a3 b5 f8 dc 08
 
Certificate - Microsoft Enforced Licensing Registration Authority CA (SHA1)
Issued by  - Microsoft Root Certificate Authority
Thumbprint - fa 66 60 a9 4a b4 5f 6a 88 c0 d7 87 4d 89 a8 63 d7 4d ee 97
 

I can't find any of them in my WXP computers.

Questions:
1. What is the point of applying the patch, if computers don't have those certificates?
2. How and when do they appear in computers? Who put them there? Microsoft?
3. How to make sure that next generation of such rogue certificates will never be planted into computers again?

--
Keep it simple, it'll become complex by itself...
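
Added example, not part of the thread: a PowerShell check that looks for the three thumbprints listed in the post above in every certificate store on a machine and reports which store each hit sits in. It assumes PowerShell 2.0 or later is installed; the function name `Find-ListedCertificate` is hypothetical, and `Disallowed` is the store that the certificate manager displays as "Untrusted Certificates".

```powershell
# Thumbprints exactly as listed in the post above (spaced, lower-case hex).
$listed = @(
    '2a 83 e9 02 05 91 a5 5f c6 dd ad 3f b1 02 79 4c 52 b2 4e 70',
    '3a 85 00 44 d8 a1 95 cd 40 1a 68 0c 01 2c b0 a3 b5 f8 dc 08',
    'fa 66 60 a9 4a b4 5f 6a 88 c0 d7 87 4d 89 a8 63 d7 4d ee 97'
)

# The Cert: provider reports thumbprints as upper-case hex without spaces,
# so normalize the listed values to that form before comparing.
$wanted = $listed | ForEach-Object { ($_ -replace '\s', '').ToUpperInvariant() }

function Find-ListedCertificate {
    param([string[]]$Thumbprint)

    # Walk CurrentUser and LocalMachine, every store; skip the store and
    # location container objects and keep only real certificates.
    Get-ChildItem -Path Cert:\ -Recurse -ErrorAction SilentlyContinue |
        Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] -and
            $Thumbprint -contains $_.Thumbprint
        } |
        ForEach-Object {
            # PSParentPath ends in e.g. "Certificate::LocalMachine\Disallowed"
            $store = ($_.PSParentPath -split '::')[-1]
            New-Object PSObject -Property @{
                Store      = $store
                Thumbprint = $_.Thumbprint
                Subject    = $_.Subject
                Issuer     = $_.Issuer
                NotAfter   = $_.NotAfter
                # A copy in a Disallowed store is explicitly distrusted;
                # a copy anywhere else is not covered by that distrust entry.
                Distrusted = ($store -like '*\Disallowed')
            }
        }
}

$hits = @(Find-ListedCertificate -Thumbprint $wanted)
if ($hits.Count -eq 0) {
    'None of the three listed thumbprints is present in any certificate store.'
} else {
    $hits | Sort-Object Store |
        Format-Table Store, Distrusted, Thumbprint, Subject -AutoSize
}
```

An empty result means the certificates are neither installed nor explicitly distrusted on that machine; hits with `Distrusted` set to `True` are what the article's title describes, the certificates placed in the Untrusted Certificate Store.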

Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5
I don't have them on my host XP Pro SP 2 machine with IE6 nor do I have them on my virtual machine with XP Pro SP 2 and IE 8.

The reason I have never gotten »www.microsoft.com/en-us/download···id=29434 or any updates before it for IE Root Certs is because WGA is required. I don't use IE6 at all except for a few speed tests that I trust. On the virtual machine with IE 8, I rarely use it except for the same speed tests. I'm not allowing WGA just to get a Root Certs update for a browser I rarely use.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7
reply to OZO
Glad you found what you wanted..as for all your questions..have to pass on this..I am not doing squat myself with these on XP because they are not there in the first place..certainly not concerned about any man in the middle..and don't update XP much these days...but for others I would say..the method for CA is flawed..Flame won't be the last crack at it.


antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
United State
kudos:5
Reviews:
·Time Warner Cable
reply to Mele20
said by Mele20:

I don't have them on my host XP Pro SP 2 machine with IE6 nor do I have them on my virtual machine with XP Pro SP 2 and IE 8.

The reason I have never gotten »www.microsoft.com/en-us/download···id=29434 or any updates before it for IE Root Certs is because WGA is required. I don't use IE6 at all except for a few speed tests that I trust. On the virtual machine with IE 8, I rarely use it except for the same speed tests. I'm not allowing WGA just to get a Root Certs update for a browser I rarely use.

Doesn't IE automatically download its updated root certificates in the background once in a while?
--
Ant @ »antfarm.ma.cx and »aqfl.net. Please do not IM/e-mail me for technical support. Use the forum! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer

Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5

1 recommendation

said by antdude:

Doesn't IE automatically download its updated root certificates in the background once in a while?

Not if you have Automatic Updates disabled in XP Services. I haven't used Windows Updates (by manually going there or automatic updates) since 2004. When I was still able to get patches for XP Pro SP 2, I got them one by one manually from reading the Microsoft Bulletin and Knowledgebase article and downloading from the link there. I installed them one at a time, using the computer for a bit after each installation. I never got drivers, etc. from Windows Updates when I did use it before mid 2004 so I was used to going to nVidia for a driver, etc. For anything besides patches that I needed from Microsoft, I went to Microsoft downloads and searched for it. I will have to use WU (going there manually) one time, when I get a new computer, to get all updates needed for Win 7. Then I will disable Automatic Updates Service on it also.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson


antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
United State
kudos:5
Reviews:
·Time Warner Cable
said by Mele20:

said by antdude:

Doesn't IE automatically download its updated root certificates in the background once in a while?

Not if you have Automatic Updates disabled in XP Services. I haven't used Windows Updates (by manually going there or automatic updates) since 2004. When I was still able to get patches for XP Pro SP 2, I got them one by one manually from reading the Microsoft Bulletin and Knowledgebase article and downloading from the link there. I installed them one at a time, using the computer for a bit after each installation. I never got drivers, etc. from Windows Updates when I did use it before mid 2004 so I was used to going to nVidia for a driver, etc. For anything besides patches that I needed from Microsoft, I went to Microsoft downloads and searched for it. I will have to use WU (going there manually) one time, when I get a new computer, to get all updates needed for Win 7. Then I will disable Automatic Updates Service on it also.

Interesting. I guess I know why I get the unable to download root certificates in my XP's event logs now since I have automatic updates disabled as well.
--
Ant @ »antfarm.ma.cx and »aqfl.net. Please do not IM/e-mail me for technical support. Use the forum! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer