Product details

By continuing to use our site you consent to the use of cookies as described in our privacy policy unless you have disabled them.
You can change your cookie settings at any time but parts of our site will not function correctly without them.
Compact case
Case
-
Reference no. C702-015-1
Simplified Chinese language
Published by: Asia Case Research Centre, The University of Hong Kong
Published in: 2002
Length: 2 pages
Data source: Published sources

Abstract

This is a Simplified Chinese version. On 22 March, 2001, the Microsoft Corporation (Microsoft) warned computer users that an individual posing electronically as a company representative had fooled VeriSign Inc, the leading digital certificate authority, into issuing two fraudulent digital certificates in Microsoft's name. The certificates could be used by malicious attackers to trick computer users into running unsafe software programmes. Despite the discovery of the fraud and the follow-up investigation by the FBI, the person who registered the certificates could not be found. The Microsoft case was the world's first reported case of digital certificate fraud. It raised serious questions about the sophistication of digital certificates and signatures, and the rules governing the conduct of issuers and users in the electronic marketplace. The accident also revealed that a simple identity certificate/signature comes with complex and non-standard policies and procedures that are vulnerable to regulatory and security flaws.

About

Abstract

This is a Simplified Chinese version. On 22 March, 2001, the Microsoft Corporation (Microsoft) warned computer users that an individual posing electronically as a company representative had fooled VeriSign Inc, the leading digital certificate authority, into issuing two fraudulent digital certificates in Microsoft's name. The certificates could be used by malicious attackers to trick computer users into running unsafe software programmes. Despite the discovery of the fraud and the follow-up investigation by the FBI, the person who registered the certificates could not be found. The Microsoft case was the world's first reported case of digital certificate fraud. It raised serious questions about the sophistication of digital certificates and signatures, and the rules governing the conduct of issuers and users in the electronic marketplace. The accident also revealed that a simple identity certificate/signature comes with complex and non-standard policies and procedures that are vulnerable to regulatory and security flaws.

Related