Microsoft: What it did right and wrong in 2012

By Tim Greene, Network World | IT Management, Microsoft, Windows 8

A key element of Flame called for exploiting weaknesses of the MD5 hashing algorithm. Microsoft had urged in 2008 that network administrators and certificate authorities stop using the hash because researchers had discovered how to exploit it.

Microsoft officially disallowed its use in 2009 but failed to weed it out of its own products, particularly Terminal Server Licensing Service. Researchers figured out how to compromise MD5 using what they call collision attacks to obtain fraudulent certificates that are accepted as real. This allowed attackers to send malware that victim machines accepted as authenticated Microsoft updates.

Tim Greene covers Microsoft for Network World and writes the Mostly Microsoft blog. Reach him at tgreene@nww.com and follow him on Twitter @Tim_Greene.



Originally published on Network World.