Urgent Certificate Patch Issued by Microsoft to Address ‘Out-of-Band’ Foreign Certificates

It is said that Microsoft normally releases their patches and updates on the second Tuesday of every month, also known by most as being Patch Tuesday. This time however, they have apparently been forced to release another update having discovered that foreign encryption certificates for big websites, such as Google, had been coming from the National Informatics Center of India’s certificate server.

The problem here is that attackers have allegedly gained access to the certificate generation system and have issued at least 45 certificates, allowing them to pose as companies ranging from email providers to search engines and even banks, as well as credit card processors. Having NIC generating the certificates, the possibility of becoming a victim is extremely high due to browsers showing the given web sites as being trustworthy, having Microsoft flagging the issue as top priority and issuing the urgent ‘out-of-band’ patch.

“The subordinate CA has been misused to issue SSL certificates for multiple sites, including Google web properties. These SSL certificates could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against web properties,” Microsoft warned in its emergency bulletin. “The subordinate CAs may also have been used to issue certificates for other, currently unknown sites, which could be subject to similar attacks.”

Microsoft has stated that the update in question is being rolled out automatically to all Windows 8 and Windows 8.1 users, as well as users of older Windows operating systems who have installed a recommended Windows Update patch, adding the certificate revocation support to the operating system.

Thank you Bit-Tech for providing us with this information

ECHO Urgent Messenger Aims to Notify Your Friends When You Are In Distress

A new personal SOS device is apparently in the works over at Indiegogo website, having it be able to let people know where you are and even speak to them after you press the ‘panic button’. The device by the name of ECHO Urgent Messenger, which basically has the same principle as a normal panic button, is said to fit on your keychain and help you in calling for help whenever you need it. The company is aiming to raise at least $5,000 in order to start production for the aforementioned gadget.

What makes the device stand out of the crowd is its ability to add friends to the contacts it sends a distress signal upon triggered. Aside from the staff, who will receive your distress signal and be able to talk to you (if you can) or at least listen to what is going on, the device is said to let users add individual phone, email and even Facebook contacts, who will be notified about your distress as soon as you press the button.

[youtube]https://www.youtube.com/watch?v=L97MDtdp0Nk[/youtube]

The message sent when triggered is said to contain your location within five feet, based on GPS, GLONASS and cell tower triangulation. However, with all the privacy concerns out there, this might sound as a way people could track your every movement. Nonetheless, the company has stated that all location tracking features will only activate once the user presses the button and will remain deactivated otherwise.

In terms of power, the ECHO gadget is said to run on a AAA battery, having the company stating that it would last as long as 7 years in standby or 5 hours of talk time in the case where it has been triggered. People interested in acquiring one can pledge at least $144 and wait for it to be delivered in December, though the target crowdfunding plays an important role to its actual release on the market.

Thank you Endgadget for providing us with this information
Image and video courtesy of Indiegogo