[an error occurred while processing the directive]
RSS
Логотип
Баннер в шапке 1
Баннер в шапке 2

WoSign

Company

Information technologies
Asia


Content

History

2017: Failure of Microsoft of web certificates

In August, 2017 Microsoft after Google, Apple and Mozilla refuses to recognize the safety certificates issued the Chinese certification center WoSign which is engaged in issue of safety certificates for websites. The WoSign affiliated enterprise, the Israeli-Chinese company StartCom also fell into disgrace. Microsoft excludes certificates of both firms from the list entrusted as they "do not meet the standards shown to participants of the Trusted Root Program program".[1]

Since September, 2017 as it is specified in the statement of Microsoft, "Windows 10 will cease to trust any certificates issued by these organizations".

Microsoft refuses certificates of the Chinese making sure WoSign center
File:Aquote1.png
Use of methods of work, unacceptable in the field of security, such as change backdating of certificates with hashing algorithm SHA-1, incorrect release of certificates, any withdrawal of certificates, duplication of serial numbers of certificates and numerous violations of the Main requirements of the Forum of producers of certificates and browsers (CAB Forum) was observed, said in the statement of Microsoft.
File:Aquote2.png

WoSign, in return, announced that claims of Microsoft are unreasonable and mislead users: WoSign changed the infrastructure on issue of certificates in November and its new certificates do not represent any risk for users. Earlier Mozilla, Apple and Google refused use of certificates of WoSign and StartCom.

Mozilla developers in September, 2016 accused WoSign of use of unreliable encryption algorithm SHA-1 and substitution of dates of certificates and also of concealment of that fact that StartCom belongs to WoSign. StartCom also issued unreliable certificates of SHA-1. Google joined sanctions in the middle of the current year.

File:Aquote1.png
The Internet relies today on strong cryptography which allows to reduce significantly the risks connected with privacy of net surfers - Georgy Lagoda, the CEO of SEC Consult Services company says. - WoSign caught by a hand on distribution of "weak" certificates and deception of users so failure of leading manufacturers of browsers from recognition of these certificates is very logical.
File:Aquote2.png

WoSign distributed SSL certificates for free that provided their popularity. About 10 thousand top-level domains in the zone .ru use these certificates today.[2]

Notes

  1. Microsoft bins unloved Chinese cert shops
  2. WoSign websites in Russia
Источник — «https://tadviser.com/index.php/Company:WoSign»

Шестерня

The site content is translated by machine translation software powered by PROMT. The machine-translated articles are not always perfect and may contain errors in vocabulary, syntax or grammar. Read original article

If you find inaccuracies or errors in the results of machine translation, please write to editor@tadviser.ru. We will make every effort to correct them as soon as possible.

Model Studio CS: How to use BIM to give new impetus to the development of the fuel and energy complex
Leave a Large Footprint in the Sands of Time
Information modeling technologies: confident course on import substitution