SoylentNews is people
SoylentNews
El Reg has published a story which discusses the steps Google and Mozilla are taking, in response to the apparent misuse of a China Internet Network Information Center (CNNIC) intermediate Cetificate Authority (CA) administered by MCS Holdings, who claim it was all just a big mistake.
Firefox-maker Mozilla has joined Google in refusing to recognize SSL certificates issued by the China Internet Network Information Centre (CNNIC).
This should not be a surprise since:
This comes after a security biz in Egypt used a CNNIC-issued intermediate certificate to create unauthorized SSL certs that could be used to trick people into connecting to bogus, password-stealing Gmail.com or Google.com websites.
As a result:
[A]ll Mozilla products – including the Firefox web browser and the Thunderbird email client, among others – will be updated so that all CNNIC-based certificates issued on or after April 1, 2015 are considered untrusted.
Mozilla said it also plans to ask CNNIC for a comprehensive list of all of its current valid certificates. Any certificates issued before April 1 that are not included on this whitelist will also be subject to potential "further action."
Microsoft has also revoked the suspect CNNIC intermediate CA:
Microsoft is updating the Certificate Trust list (CTL) to remove the trust of the subordinate CA certificate. The trusted root Certificate Authority, the China Internet Network Information Center (CNNIC), has also revoked the certificate of the subordinate CA.
(Score: 4, Informative) by deimios on Wednesday April 08 2015, @05:19AM
Because the world is not black-or-white and Microsoft being a behemoth has many heads. Some of them actually think and some of those actually have good ideas.
Yes you should take anything coming out of Redmond with a grain of salt and only after 2 service packs, but this time they might be right.
(Score: 0) by Anonymous Coward on Wednesday April 08 2015, @05:23AM
May I have 2 biscuit packs instead? Hell, even to packs of cigarettes would be healthier.
(Score: 4, Informative) by FatPhil on Wednesday April 08 2015, @09:59AM
Why should we trust Microsoft? We shouldn't, as they are (tainted by being in part) criminal liars.
Why should we trust what Microsoft says? We shouldn't, as they are ( - " - ) criminal liars, we should verify it.
Why should we listen to what Microsoft says? Because how else can we verify or disprove it?
If AC has some issue with what MS have said in that announcement, perhaps he'd like to document them here. A cursory read of it looks truthful and useful. I expect no response from AC, as he seems a bit of an idiot (which is not an /ad hominem/, it's just an insult - do you see the difference?).
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 0) by Anonymous Coward on Wednesday April 08 2015, @04:53PM
Your statement applies even more-so to the NSA, but you'll get mod-bombed to Hell if you even suggest that. All issues are only black-and-white on this site.