Sources close to the Microsoft support desk say that the tech giant has blacklisted a subordinate CA certificate. The decision came after the tech giant noticed that the authority was being used to issue fake SSL certificates for certain Google-based websites. Microsoft believes that the decision will prevent all forms of spoofing attacks aimed at users of Google-based websites across the IE platform.
The blacklisting took place last week. Experts at the Microsoft Outlook help desk said that the tech giant finalized the decision to blacklist the subordinate CA certificate after Google notified it about the issuing of fake certificates by CNNIC (China Internet Network Information Center).
CNNIC is a certificate-issuing authority (CA) and is trusted by hundreds of thousands of users across the world. Nevertheless, CNNIC has recently come under notice for the issuing of fake certificates by MCS Holdings, an Egyptian company. Reports indicate that MCS Holdings did not obtain any authorization from Google before issuing SSL certificates for its websites.
What does the user get through the SSL certificates?
SSL certificates give a user the ability to give out SSL certificates for any domain names that he uses. So the certificate-issuing authority (CA) has to carry out the necessary verification before issuing the certificates, to avoid any misuse of this ability. According to the Microsoft Outlook help desk, a fake SSL certificate could affect the security framework of email client applications like Outlook, as the owner of the SSL certificate is allowed to authenticate any domain that he wishes.
Reacting to the report, MCS Holdings said that it had carried out preliminary-level verifications before issuing the certificate. Moreover, it complies with all the IT security policies in practice to ensure that all websites keep up to standards. The security parameters are followed even in the case of HTTPS websites.
Microsoft suggests that CAs should verify the nature of the websites before issuing the certificates. Furthermore, all the necessary steps to cross-check TLS/SSL-encrypted traffic should be implemented with immediate effect. Microsoft said that it would not tolerate any further issuing of fake certificates. To improve SSL security, Microsoft suggests MITM SSL interception.
Along with Microsoft, the Mozilla Foundation is also seen to be tightening its security parameters for domains to restrict the surge of fake websites. As of now, Mozilla is restricting the .cn domain issued by CNNIC.