Topic: Microsoft to kill weak web certificates

[Simon]

Website owners need to check and update their SSL certificates in order to avoid being shown as a security risk ahead of an upcoming security clampdown by Microsoft.

The warning comes ahead of a 9 October update that will address the strength of digital certificates used to authenticate sites and services, with shorter 512-bit encrypted keys no longer valid and blocked by Internet Explorer.

The issue was partially addressed in August, with an optional patch in Security Advisory 2661254, following a series of security issues caused by certificate flaws. Now, Microsoft will make the stricter rules on encryption key length apply across the board next month, with some older certificates no longer showing as being from a trusted site.

"Internet Explorer will show a warning similar to the one you would get for other SSL inconsistencies such as a 'Certificate not signed by an approved Certificate Authority'," said Wolfgang Kandek, CTO of security company Qualys. "There are also other possible impacts in email."

According to Kandek, the issue is likely to be limited to relatively few certificates, but the impact on those sites will be significant.

Read more: http://www.pcpro.co.uk/news/376822/microsoft-to-kill-weak-web-certificates#ixzz266G308jz

[Rik]

The funeral service will be held at...

[Simon]

Surely, if it restricts use of websites in IE, people will just move to other browsers.  The average punter won't care about certificates. 

[Rik]

A bit like the average employer.

[sam]

I bet a bunch of M$ sites will go down!

[Clive]

 

[Simon]