No announcement yet.

Credit card theft feared in Windows flaw

  • Filter
  • Time
  • Show
Clear All
new posts

  • Credit card theft feared in Windows flaw

    Digital certificate flaw found in over a dozen programs!___________________
    Microsoft has issued a security alert for a group of programs on both the Windows and Macintosh platforms.
    They include:
    Microsoft Windows 98
    Microsoft Windows 98 Second Edition
    Microsoft Windows Me
    Microsoft Windows NT® 4.0
    Microsoft Windows NT 4.0, Terminal Server Edition
    Microsoft Windows 2000
    Microsoft Windows XP
    Microsoft Office for Mac
    Microsoft Internet Explorer for Mac
    Microsoft Outlook Express for Mac

    Learn how this flaw could affect you
    "Microsoft issued a security alert, calling the flaw "critical." The flaw affects how more than a dozen Microsoft products, including programs for Windows and the Macintosh, handle digital certificates, which are used to certify the authenticity of a Web site or of software code.

    The flaw could let a Web site with a valid certificate issue a second, invalid one, which could enable unauthorized access to a computer as well as, among other things, the theft of user passwords or credit card numbers.

    "You're on my site and I say, 'Click here to go to' But I don't really take you to I can pretend to be and get you to enter in your credit card number," explained Gartner analyst John Pescatore.

    Experts were quick to point out that, so far, it is unlikely anyone has taken advantage of the flaw , but they also say that the implications of the flaw could be widespread, since it affects one of Windows' key security-authentication mechanisms, called CryptoAPI, which is also used by many non-Microsoft programs that run on Windows. Analysts also warned that the problem, if exploited, could undermine consumers' confidence in conducting transactions over the Web. "

    Download the patches for this flaw
    Last edited by CJ Swartz; 09-06-2002, 02:25 PM.