Just revenge.
Payback from former Nokia staff, perhaps?
Microsoft is firing off updates to kill a fake certificate that can be used to create a convincing man-in-the-middle attack against its Live services. Certificate Authority Comodo has killed the bad cert, which it issued, and now Redmond is following suit by updating its revocation list for Windows platforms. "Microsoft is …
"SSL over HTTP, known as HTTPS, is the most common use of SSL. You may not realize it but you probably use HTTPS daily. Most popular e-mail services and online banking applications rely on HTTPS to ensure that communications between your web browser and their servers is encrypted. If it weren’t for this technology then anybody with a packet sniffer on your network could intercept usernames, passwords, and anything else that would normally be hidden."
The man in the middle attack is designed to steal valuable information by defeating encryption; this allows the recipient of this info to potentially make money out of it.
Microsoft (still the no. 2 brand name in the world according to Forbes) in turn, lose money when their image and operation are damaged by such attacks. Reducing their perceived worth and potentially their market share. This is not a wet dream. I would prefer Windows to be more secure against this form of attack for the sake of its users, not just M$.
http://www.windowsecurity.com/articles-tutorials/authentication_and_encryption/Understanding-Man-in-the-Middle-Attacks-ARP-Part4.html
Old news c. 2010 to be precise.
Let's be careful out there. (Hill Street Blues 1981)
Following the link to the recommended update has left me confused. Does W7 - that receives the normal Windows automatic updates - need to load anything new to update certificate revokes?
The chain of links seemed to suggest that only if W7 was not using automatic updates - did it need a special updater for CTL.
I followed the W7 links - am at work - got to the Standalone Updater, ran it, discovered the update was already installed. Checked update history and... it was installed on Sunday night.
So this is probably just the Reg's usual "hot off the presses but allowed to cool in order to comply with Health & Safety legislation" policy.
suggests that attackers had their fingers in the admin@live.fi pie before asking Comodo for a certificate
Nope, it sounds like the guy realised he could add 'hostmaster' as an alias for his account, told Microsoft and the Finnish authorities and nothing happened.
Eventually MS woke up, and froze his account completely.
What isn't entirely clear, is whether he told MS and then registered the cert to prove his point, or whether he registered the cert and then told MS.
Either way, registering the certificate was probably an overstep IMO
http://arstechnica.com/security/2015/03/man-who-obtained-windows-live-cert-said-his-warnings-went-unanswered/
IF the warnings were ignored, what else is there to do? Seems that too often, the corporate mind feels that these things are BS. For him to do this was a warning shot. If it had been the bad guys, how long do you think it would have been before MS took action and how much damage would have been done?