Windows Secrets Newsletter: Certificate Cleanup Needed for PCs


By Susan Bradley/Windows Secrets Newsletter

A little Dutch company potentially lets a flood of problems into our Windows machines.

The company manages digital certificates; after its recent break-in by hackers, security certificates for Mozilla, Yahoo, WordPress, and other sites are now suspect.

On a daily basis, no matter what our level of paranoia, we trust the companies we work with. … Well, at least our browsers and computers do. Inside all computers, both Windows and Mac, is a collection of digital certificates that everyone on the Net has agreed to trust. On Vista and Windows 7 systems, these root certificates are updated by the issuer automatically. But on Windows XP machines, they’re updated manually.

Companies doing business on the Internet buy certificates linked to a root certificate and automatically become part of the chain of trust. Because your computer trusts the vendor who provided the root certificate, it automatically trusts all online businesses with associated certificates.

This process is the foundation for secure Web transactions such as shopping on Amazon, online banking, and e-mail.

Many updates after breaks in the chain of trust

Typically, this system works well. But on the rare occasions it fails — when the chain of trust is broken — it can instantly affect thousands of PCs.

Such is the case with that small company in the Netherlands, DigiNotar. Reports from various sites indicate that hackers compromised the firm’s servers and generated rogue certificates. In a Kaspersky Lab Securelist blog, lab expert Roel speculates that as many as 200 rogue certificates were generated before the hack was discovered.

With a rogue certificate in place, a hacker can make your system think it’s using a legitimate, trusted certificate from well-known companies such as Google and Yahoo. The hacker can then intercept your Internet connection with the site you intended to use and redirect you to a fake site, where you are tricked into entering personal information such as your user name and password. Your computer still thinks it’s connected to a trusted site.
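A check a defender can run on a Windows PC after an incident like this one, as an added PowerShell example that is not part of the original article: it lists certificates naming DigiNotar in the local stores and flags those that are still trusted. Matching on the name "DigiNotar" and the choice of stores to scan are assumptions of this example; a name match does not identify individual rogue certificates.

```powershell
# Added example: audit local certificate stores for DigiNotar certificates.
# Assumption: certificates are matched by the string "DigiNotar" in the
# Subject or Issuer field; no thumbprint list is used.
$pattern = 'DigiNotar'

# Stores that grant trust, and the store Windows uses to explicitly distrust.
$trustStores = 'Root', 'AuthRoot', 'CA'
$blockStore  = 'Disallowed'
$allStores   = $trustStores + $blockStore
$locations   = 'LocalMachine', 'CurrentUser'

$findings = @(
    foreach ($loc in $locations) {
        foreach ($store in $allStores) {
            $path = "Cert:\$loc\$store"
            if (-not (Test-Path $path)) { continue }   # store absent on this system
            Get-ChildItem $path |
                Where-Object { $_.Subject -match $pattern -or $_.Issuer -match $pattern } |
                ForEach-Object {
                    New-Object PSObject -Property @{
                        Location   = $loc
                        Store      = $store
                        Trusted    = ($store -ne $blockStore)
                        Subject    = $_.Subject
                        Thumbprint = $_.Thumbprint
                        NotAfter   = $_.NotAfter
                    }
                }
        }
    }
)

# A certificate in a trust store is only a concern if the same thumbprint
# is not also present in the Disallowed (Untrusted Certificates) store.
$blocked = @($findings | Where-Object { -not $_.Trusted } |
             ForEach-Object { $_.Thumbprint })
$stillTrusted = @($findings | Where-Object {
    $_.Trusted -and ($blocked -notcontains $_.Thumbprint)
})

if ($stillTrusted.Count -eq 0) {
    'No DigiNotar certificate is trusted without a matching Disallowed entry.'
} else {
    'DigiNotar certificates still trusted (no Disallowed entry):'
    $stillTrusted | Sort-Object Location, Store |
        Format-Table Location, Store, Thumbprint, NotAfter, Subject -AutoSize
}
```

The script only reads the stores; it changes nothing on the machine.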


This post is excerpted with permission from Windows Secrets.
