‘flame’ spread via rogue microsoft security certificates – China Alloy Steel Seamless Pipe

A post on the Microsoft Security Response Center blog states plainly, We have discovered through our analysis thatsome components of the malware have been signed by certificatesthat allow software to appear as if it was produced by Microsoft. ‘Flame’ slipped under network defenses by appearing as legitimateMicrosoft code. Andrew Storms, director of security operations for nCircle , declares, The discovery of a bug that s been used tocircumvent Microsoft s secure code certificate hierarchy is amajor breach of trust, and it s a big deal for every Microsoftuser. It also underscores the delicate and problematic nature ofthe trust models behind every Internet transaction. Stainless Steel U Bend Tube

The Microsoft blog post explains that a vulnerability in an oldcryptography algorithm is exploited by some elements of Flame to make them appear as if they originated from Microsoft. Mostsystems around the world accept officially-signed Microsoft code assafe by default, so the malware would enter unnoticed. The weak algorithm is a function of the Terminal Server LicensingService, which allowed IT admins to authorize Remote Desktopservices on Windows-based networks. The algorithm in question wasused to generate security certificates with the ability to signcode so that it is accepted as legitimate Microsoft code. Microsoft is taking steps to deal with this issue. China Alloy Steel Seamless Pipe

First, itreleased the security advisory which explains the issue in detailand provides steps IT admins can use to block software signed bythe rogue security certificates. Microsoft also released an update,which automatically implements those same steps to make it easierfor customers to prevent malware using the spoofed certificatesfrom slipping through. Microsoft adds that the Terminal Server Licensing Service is nolonger capable of issuing certificates that can be used to signcode. With these steps in place, organizations can ensure that anymalware that depends on the rogue security certificates will nolonger be recognized as being from Microsoft. Stainless Steel Welded Pipes

Storms provides some further insight about the rogue Microsoftcertificate revelation. He points out that the stealthy use ofrogue Microsoft security certificates supports the theory that Flame is part of a grander state-sponsored espionage effort . A bug that can identify a piece of malware as legitimate is notsomething an average malware writer would have been able to sit onfor long–it s worth far too much on the black market. Storms adds, The fact that this bug has been kept secret for atleast 18 months, and quite possibly longer, is pretty clearevidence that there is a nation state behind Flame .


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s