scary certificate for www.update.microsoft.com
ben at liddicott.com
Mon Jun 18 18:37:21 BST 2012
RSA is not in suite B either.
Also Microsoft will give security updates to unlicensed copies of
windows, the last time I heard, just not functionality updates.
On 18/06/2012 12:37, Tony Naggs wrote:
> Neither the blog or the 2 SSL test tools point out that Microsoft are
> stilling using SHA1 on their new certificate for signing.
> SHA1 has been known since 2005 to be weak, and US NSA advice via NIST
> since 2006 has been:
> "Federal agencies must stop relying on digital signatures that are
> generated using SHA-1 by the end of 2010."
> Really everyone should be using SHA2-256 or better on all new
> certificates by now!
> Yes, as I'm sure you know the Windows Update tool runs (ActiveX) stuff
> to help Microsoft to try to limit updates to go only to PCs with
> correctly licensed Windows.
More information about the ukcrypto