VeriSign signs two fake MSFT certificates

From: Matt Jensen (
Date: Thu Mar 22 2001 - 11:19:57 PST

Microsoft just released a security advisory,

Erroneous VeriSign-Issued Digital Certificates Pose Spoofing Hazard

Someone convinced VeriSign he was a Microsoft employee, and got two
certificates with the name "Microsoft Corporation." Although VeriSign has
revoked the certificates, browsers are not set up to check the revocation
list! MS is working on a browser patch.

Bruce Schneier was right about the risks of PKI...

-Matt Jensen

This archive was generated by hypermail 2b29 : Fri Apr 27 2001 - 23:14:44 PDT