Date: 2009-10-11
A serious bug in Windows, reported more than two months ago, affects all browsers on the Windows platform that depend on the operating system to verify the certificates used by secure services, such as banking.
It is a bug in the CryptoAPI module, which is part of the Windows operating system. It affects Microsoft Internet Explorer, Apple Safari and Google Chrome. SCforum and The Register report that a fraudulent certificate has already been manufactured that exploits this bug and mimics PayPal's true certificate.
Certificates are used for secure connections with web servers. The addresses of such connections start with "https:" instead of "http:". Modern browsers notify you of a secure connection by giving the address bar, or part of it, a blue or green background colour. False certificates are reported to you by intrusive messages that strongly recommend that you abandon the web site. This mechanism allows you to easily verify that the web site that looks like your bank's web site is really run by your bank and not by crooks.
Now, with the Windows CryptoAPI bug, it is possible to manufacture certificates that the three browsers think are safe, but are not. If you are using Windows to connect to your bank, for the moment it is better to revert to an alternative, such as Opera or Mozilla Firefox. Other platforms, such as Linux, Unix and MacOS, are not affected by this bug.