Bitcoin Forum
October 18, 2017, 06:12:05 AM *
News: Latest stable version of Bitcoin Core: 0.15.0.1  [Torrent]. (New!)
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Microsoft Approves Thai Government's Root Certificate, Which Could Enable Spying  (Read 164 times)
TheIrishman
Legendary
*
Offline Offline

Activity: 976

http://BitcoinPayPal.info


View Profile WWW
January 27, 2017, 02:08:09 PM
 #1



Microsoft Approves Thai Government's Root Certificate, Which Could Enable Spying

http://www.tomshardware.com/news/microsoft-thai-government-root-certificate,33505.html

Privacy International, a UK-based nonprofit founded in 1990, released a report showing that Microsoft is the only operating system vendor to have approved the Thai military government's root certificate by default, which is managed by the Electronic Transaction Development Agency (ETDA). The nonprofit worries that the Thai government could now perform "man-in-the-middle" (MITM) attacks against Thai citizens.

Thai Government's Tight Grip On Internet Companies

According to Privacy International, the political environment in Thailand right now is such that it would be difficult for companies to deny a data request, because there isn't a strong legal framework in place that's also well enforced. In other words, companies can't bet on having the law on their side over there. (...)

Windows Only OS To Approve Thai Government Root Certificate

The interception would be unnoticed by the target if the root certificate is trusted by default on an operating system such as Windows or macOS. Privacy International said it noticed that Windows does include the Thai government certificate, whereas macOS does not. Privacy International then asked Microsoft how its root certificate approval works, considering it's been the only one to approve the Thai government's root certificate so far. Microsoft seems to have replied more than two months later, saying it can't disclose how it decided exactly to approve the Thai government certificate, but that the overall approval strategy is found on its website. (...)

Microsoft's Silent Root Certificate Updates

Microsoft has added dozens of new root certificates over the past few years, usually without making it public, and with only a few security researchers discovering when it happened. Some of the silently added root certificates have been attributed to the now infamous WoSign Chinese Certificate Authority (CA). That's the same CA that was punished by Google and Mozilla late last year over backdating of SHA1 certificates and failing to disclose that it bought another CA.

Microsoft's decision to hide, or at least not announce when it added more root certificates to Windows, is quite strange. Root certificates are a highly important component of the overall security of an operating system, and more importantly, it defines how much trust users can place in one. Microsoft refusing to say how exactly it approves root certificates isn't helping matters much either. (...)

Source: Tom's Hardware




▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
   [GUIDE] How to buy and sell Bitcoins SAFELY with PayPal + UNLIMITED WITHDRAWALS to PayPal
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
1508307125
Hero Member
*
Offline Offline

Posts: 1508307125

View Profile Personal Message (Offline)

Ignore
1508307125
Reply with quote  #2

1508307125
Report to moderator
1508307125
Hero Member
*
Offline Offline

Posts: 1508307125

View Profile Personal Message (Offline)

Ignore
1508307125
Reply with quote  #2

1508307125
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1508307125
Hero Member
*
Offline Offline

Posts: 1508307125

View Profile Personal Message (Offline)

Ignore
1508307125
Reply with quote  #2

1508307125
Report to moderator
1508307125
Hero Member
*
Offline Offline

Posts: 1508307125

View Profile Personal Message (Offline)

Ignore
1508307125
Reply with quote  #2

1508307125
Report to moderator
1508307125
Hero Member
*
Offline Offline

Posts: 1508307125

View Profile Personal Message (Offline)

Ignore
1508307125
Reply with quote  #2

1508307125
Report to moderator
Spoetnik
Legendary
*
Offline Offline

Activity: 1414


FUD Philanthropist™


View Profile
January 28, 2017, 06:47:30 AM
 #2

Another reason to not trust MS.. can't stand them.  Angry

FUD first & ask questions later™
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!