DKT27 (Administrator) Posted September 12, 2011

Following his recent attack against Dutch security company DigiNotar, the hacker known as Comodohacker is now threatening to exploit Microsoft's Windows Update service.

In another message posted on Pastebin last week touting his cyberattacks, the infamous hacker claims that he's able to issue phony Windows updates despite Microsoft's assertion to the contrary.

"I'm able to issue Windows update--Microsoft's statement about Windows Update and that I can't issue such update is totally false," proclaimed Comodohacker. "I already reversed ENTIRE Windows update protocol, how it reads XMLs via SSL which includes URL, KB no, SHA-1 hash of file for each update, how it verifies that downloaded file is signed using WinVerifyTrust API, and...Simply I can issue updates via Windows update! You see? I'm so smart, sharp, dangerous, powerful, etc. huh?"

If Comodohacker were able to compromise Windows Update, then he would essentially be capable of delivering malware to any Windows PC running the service.

In an earlier post on its Security Research & Defense blog, Microsoft said it was aware that some of the fake certificates released by DigiNotar were issued for such domains as Microsoft.com, Windowsupdate.com, and Update.microsoft.com. As a result, the company designated all DigiNotar certificates as untrustworthy and issued a Windows security update that can be installed manually and would be automatically installed for all users with automatic updates turned on.

But despite its actions, Microsoft contends that its Windows Update is protected from any threats from false security certificates.

"Attackers are not able to leverage a fraudulent Windows Update certificate to install malware via the Windows Update servers," Microsoft engineer Jonathan Ness wrote in the blog. "The Windows Update client will only install binary payloads signed by the actual Microsoft root CA certificate, which is issued and secured by Microsoft. Also, Windows Update itself is not at risk, even to an attacker with a fraudulent certificate."

Comodohacker's recent attack against DigiNotar caused the Dutch certificate authority to issue fake Secure Sockets Layer (SSL) certificates for Google, Microsoft, Skype, Twitter, and a host of other organizations. The hacker has also been threatening to release phony certificates for other companies.

SSL certificates authenticate secure Web sites to verify that users are connecting to the intended site. Phony certificates are especially alarming, as they can redirect Internet users to the wrong Web sites, often as a way of delivering malware, and can easily destroy confidence in the CAs (certificate authorities).

Trying to justify his actions against DigiNotar, Comodohacker blamed the Dutch government's failure to prevent the 2002 Srebrenica genocide, a massacre in which up to 8,000 men and boys were killed by Bosnian Serb forces. The hacker earned his nickname after breaching network security for a reseller of security firm Comodo.

View: Original Article

Sonar Posted September 12, 2011
will be looking at the next bunch of updates!!

grouchysmurf Posted September 13, 2011
I do not use auto update.

myidisbb Posted September 13, 2011
one guy my azzz. this is an attack by Iran. should be treated as such and return 10 fold

tipo Posted September 13, 2011
> I do not use auto update.
good thinkin`! :yes:

drizztfire Posted September 13, 2011
I don't use Update ... :huh:

Marik Posted September 13, 2011
I don't use auto-update
if it's working, then leave it alone

Nemesis Posted September 15, 2011
auto-updates = bloatware. 3rd party solutions are best in terms of security and usually block the holes left by the OS assuming your settings are good and all software is up to date.