 |
Advisories
|
|
|
What to Look For: Authenticode Warning Dialogue Box
Microsoft Internet Explorer users should visually
inspect the certificates cited in warning dialogue boxes when downloading
code or content, such as a digitally signed ActiveX control or executables,
from the Internet.
The dialog box below displays what you might see when
encountering digitally signed content. In the case below, a legitimate
Microsoft certificate was used to sign the content to be downloaded.
- DO NOT
click "Yes" in the "Security Warning" dialog box.
Instead, click on the link "Microsoft Corporation" to get
more information about the certificate. You'll then see the following
box:
- Select the "Details" tab. In the "Details" view,
look for the "Serial number" field.
- Check the serial number and validity period of the certificate to
ensure that the certificate is legitimate and not fraudulent.
The fraudulent certificates
are:
Certificate 1:
- Issued by VeriSign
Commercial Software Publishers CA
- Validity period
is 1/29/2001 to 1/30/2002
- Serial number is
1B51 90F7 3724 399C 9254 CD42 4637 996A
Certificate 2:
- Issued by VeriSign
Commercial Software Publishers CA
- Validity period
is 1/30/2001 to 1/31/2002
- Serial number is
750E 40FF 97F0 47ED F556 C708 4EB1 ABFD
If the serial number of
the certificate is not one of the serial numbers listed above, the certificate
is valid and the content or code is truly from Microsoft and is safe
to download. If the certificate's serial number is one of the two listed
above, DO NOT
click "Yes" in the "Security Warning" dialog box.
Instead, click "No" and contact VeriSign's Emergency Response
Team immediately at: 650-426-5237 or vest@verisign.com.
|
Worldwide Sites
