More tasty 808-errifficness
Ran across this bit in a help forum for an FTP product that uses MS-CAPI
(MS-CryptoAPI, i.e. certificate store features):
> Q: Your computer keeps wanting to connect to www.saupdate.microsoft.com
> [207.46.131.229], port 80.
>
> A: It's a "feature" in Windows XP triggered when an SChannel (Microsoft SSL
> Library) client receives a digital certificate signed by an untrusted CA.
> This feature allows Microsoft (not you) to control which certificate
> authorities you trust by dynamically updating the list of trusted CAs in
> your Windows XP. This can be disabled by removing "Update Root Certificates"
> from Add/Remove Windows Components in Control Panel (Q283717).
Read that again - "allows Microsoft (not you) to control which certificate
authorities you trust"...
Microsoft is our only hope to kill off Verisign/Network Solutions... :=)
It also means they can *pro-actively* disable self-signed CAs.
Perhaps a firewall entry would be appropriate, since MS is apparently
tunnelling this remote administration capability of *your* machine via
a seemingly authorized HTTP request.
Mike808/