Bitcoin Forum
April 25, 2018, 12:01:10 AM *
News: Latest stable version of Bitcoin Core: 0.16.0  [Torrent]. (New!)
   Home   Help Search Donate Login Register  
Pages: [1]
Author Topic: Microsoft Approves Thai Government's Root Certificate, Which Could Enable Spying  (Read 177 times)
Offline Offline

Activity: 990
Merit: 1000

View Profile WWW
January 27, 2017, 02:08:09 PM

Microsoft Approves Thai Government's Root Certificate, Which Could Enable Spying,33505.html

Privacy International, a UK-based nonprofit founded in 1990, released a report showing that Microsoft is the only operating system vendor to have approved the Thai military government's root certificate by default, which is managed by the Electronic Transaction Development Agency (ETDA). The nonprofit worries that the Thai government could now perform "man-in-the-middle" (MITM) attacks against Thai citizens.

Thai Government's Tight Grip On Internet Companies

According to Privacy International, the political environment in Thailand right now is such that it would be difficult for companies to deny a data request, because there isn't a strong legal framework in place that's also well enforced. In other words, companies can't bet on having the law on their side over there. (...)

Windows Only OS To Approve Thai Government Root Certificate

The interception would be unnoticed by the target if the root certificate is trusted by default on an operating system such as Windows or macOS. Privacy International said it noticed that Windows does include the Thai government certificate, whereas macOS does not. Privacy International then asked Microsoft how its root certificate approval works, considering it's been the only one to approve the Thai government's root certificate so far. Microsoft seems to have replied more than two months later, saying it can't disclose how it decided exactly to approve the Thai government certificate, but that the overall approval strategy is found on its website. (...)

Microsoft's Silent Root Certificate Updates

Microsoft has added dozens of new root certificates over the past few years, usually without making it public, and with only a few security researchers discovering when it happened. Some of the silently added root certificates have been attributed to the now infamous WoSign Chinese Certificate Authority (CA). That's the same CA that was punished by Google and Mozilla late last year over backdating of SHA1 certificates and failing to disclose that it bought another CA.

Microsoft's decision to hide, or at least not announce when it added more root certificates to Windows, is quite strange. Root certificates are a highly important component of the overall security of an operating system, and more importantly, it defines how much trust users can place in one. Microsoft refusing to say how exactly it approves root certificates isn't helping matters much either. (...)

Source: Tom's Hardware

   [GUIDE] How to buy and sell Bitcoins SAFELY with PayPal + UNLIMITED WITHDRAWALS to PayPal
According to NIST and ECRYPT II, the cryptographic algorithms used in Bitcoin are expected to be strong until at least 2030. (After that, it will not be too difficult to transition to different algorithms.)
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
Hero Member
Offline Offline

Posts: 1524614470

View Profile Personal Message (Offline)

Reply with quote  #2

Report to moderator
Offline Offline

Activity: 1554
Merit: 1010

FUD Philanthropist™

View Profile
January 28, 2017, 06:47:30 AM

Another reason to not trust MS.. can't stand them.  Angry

FUD first & ask questions later™
Pages: [1]
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!