Microsoft gearing up for SSL cert update to Windows Phone?
While far from exciting, as it won't bring any new features, Microsoft is rumored to be working on an update to fix fraudulent SSL certificates in a hacking attempt that took aim at many web browser. Microsoft just published a security advisory on the issue to address the bogus SSL certs. As Bruce Cowper, manager of the Microsoft Trustworthy group states:
This is not a Microsoft security vulnerability; however, one of the certificates potentially affects Windows Live ID users via login.live.com...These certificates may be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against end users. We are unaware of any active attacks.
Microsoft has since patched Internet Explorer against the attack is reportedly mulling over an update, even possibly an over-the-air (OTA) one for Windows Phone, though nothing is certain at this point. No time line was given either. It will be interesting to see if Microsoft utilizes the OTA update capability for Windows Phone, a feature which was originally thought to be used for adding copy/paste but has since taken a back seat due to reliability concerns.
Edit: For those curious about SSL certs and how they work, see VeriSign