Microsoft Identity Stolen

March 26, 2001

You have heard about the busboy in Brooklyn who was able to steal the identities of the rich and famous . . . well this is a tale about someone stealing the identity of a corporation.

Sometime ago there was an article that reported on digital signatures and how they work. One of the steps of the digital signature processes was the attachment of a certificate which verifies that the item being sent has not been tampered with and authenticates that the individual's signature was authorized by that individual.

This brief overview of the digital signature process relates to a recent story where Microsoft is the victim of a security attack. Apparently someone, claiming to be a Microsoft employee, contacted Verisign (the company that issues the certificates), and was able to get two certificates. Microsoft is concerned that this person will use these certificates in order to spread virus or harmful programs to trusting users believing that the program originated from Microsoft.

Currently Microsoft is working on creating a patch that will detect the fraudulent certificate, but for now it is advising users to deny any certificates that were issued on January 29th or 30th.