MS security alert: erroneous VeriSign-issued digital certificates

13

Author: JT Smith

MSTechnet: “In mid-March 2001, VeriSign, Inc., advised Microsoft that on January 29 and 30, 2001, it issued two VeriSign Class 3
code-signing digital certificates to an individual who fraudulently claimed to be a Microsoft employee. The common name
assigned to both certificates is ?Microsoft Corporation?. The ability to sign executable content using keys that purport to
belong to Microsoft would clearly be advantageous to an attacker who wished to convince users to allow the content to
run.”