7

Microsoft gearing up for SSL cert update to Windows Phone?

While far from exciting, as it won't bring any new features, Microsoft is rumored to be working on an update to fix fraudulent SSL certificates in a hacking attempt that took aim at many web browser. Microsoft just published a security advisory on the issue to address the bogus SSL certs. As Bruce Cowper, manager of the Microsoft Trustworthy group states:

This is not a Microsoft security vulnerability; however, one of the certificates potentially affects Windows Live ID users via login.live.com...These certificates may be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against end users. We are unaware of any active attacks.

Microsoft has since patched Internet Explorer against the attack is reportedly mulling over an update, even possibly an over-the-air (OTA) one for Windows Phone, though nothing is certain at this point. No time line was given either. It will be interesting to see if Microsoft utilizes the OTA update capability for Windows Phone, a feature which was originally thought to be used for adding copy/paste but has since taken a back seat due to reliability concerns.

Edit: For those curious about SSL certs and how they work, see VeriSign

Source: WinRumors

0
loading...
0
loading...
20
loading...
0
loading...

Comments

There are 7 comments. Sign in to comment

Physboy says:

I thought the OTA was attempted for use on Pre-NoDo update, & Zune was going to be used for actual NoDo???

Physboy says:

Bottom line though, is all this talk about updates to the WP7 device is moot as there are NO updates which are actually occuring at all. Oh, but there are plenty of NEW phones w/ the updated OS!Can you say Windows Mobile??

KCMike says:

Mama nooooooooooo!!

1jaxstate1 says:

LOL! On the floor laughing.

1jaxstate1 says:

LOL, stop posting anything about a update. The natives will get riled up!

michael.ball says:

Just update our phones via the Zune software and bypass the carriers altogether like Apple has done since Day 1. That way, Microsoft has control of the update process and isn't held hostage by uncaring carriers like AT&T who can't seem to get updates out of "Testing" status.

...so we won't be getting this one till like november, right?