{"id":3695,"date":"2017-05-20T09:37:27","date_gmt":"2017-05-20T14:37:27","guid":{"rendered":"http:\/\/blog.zoha-islands.com\/?p=3695"},"modified":"2017-05-20T09:37:27","modified_gmt":"2017-05-20T14:37:27","slug":"alert-rogue-certificates","status":"publish","type":"post","link":"https:\/\/zoha-islands.com\/blog\/alert-rogue-certificates\/","title":{"rendered":"[ALERT] Rogue Certificates"},"content":{"rendered":"<p><img decoding=\"async\" loading=\"lazy\" class=\"aligncenter  wp-image-3698\" src=\"https:\/\/zoha-islands.com\/blog\/wp-content\/uploads\/2017\/05\/ssl-certifacates.jpg\" alt=\"\" width=\"391\" height=\"174\" srcset=\"https:\/\/zoha-islands.com\/blog\/wp-content\/uploads\/2017\/05\/ssl-certifacates.jpg 321w, https:\/\/zoha-islands.com\/blog\/wp-content\/uploads\/2017\/05\/ssl-certifacates-300x134.jpg 300w\" sizes=\"(max-width: 391px) 100vw, 391px\" \/>Security experts advise us not to enter passwords, credit card details, or other sensitive information on any website that does not provide an encrypted connection, and to use a bookmark to access sites that deal with banking or other private matters. But there&#8217;s a new threat being used by clever hackers to thwart both of those measures. Read on for details\u2026<\/p>\n<p>Do You Have a Rogue Certificate?<br \/>\nRemember that account hacks in Second Life are sadly on the rise too, so the same care applies when you log in to Second Life or to Linden Lab\u2019s website as when you log in to your bank.<\/p>\n<p>It\u2019s easy to tell if your connection to a site is encrypted. At the left end of the URL address bar, you will see a padlock icon and the \u201chttps\u201d protocol label; it literally means \u201cHTTP Secure.\u201d<\/p>\n<p>A secure connection SHOULD tell you two things. First, no one can eavesdrop on the data that flows back and forth between your browser and the site, because all traffic is encrypted. 
Second, the https protocol authenticates the identity of the server to which you are connected; you can rest assured that you really are connected to your bank\u2019s site and not a scammer\u2019s imitation of it.<\/p>\n<p>Authentication makes use of digital certificates. A certificate is a digitally signed file containing information such as the certificate holder\u2019s name (for a website, its domain name), the name of the trusted certificate authority that issued it, the holder\u2019s public encryption key, and other info. The certificates of the authorities your computer trusts are kept in a trusted \u201ccertificate store.\u201d<\/p>\n<p>Rogue Certificates<\/p>\n<p>When you connect to a site using https, the site sends your browser its certificate, and your browser checks that the certificate was signed (directly, or through a chain of intermediate certificates) by one of the \u201croot\u201d certificate authorities kept in your computer\u2019s trusted certificate store. Your browser does not need to contact the certificate authority to do this; it simply trusts whatever is in the store, so any certificate that chains to a trusted root is accepted.<\/p>\n<p>Unfortunately, clever hackers have figured out ways to plant \u201crogue certificates\u201d in victims\u2019 local certificate stores, typically a root certificate that the attacker controls. With that root in place, the attacker can issue a certificate for your bank\u2019s domain name that your browser will accept, and steer your connection through a server of their own. Now you\u2019ll see the reassuring padlock and \u201chttps\u201d even though you are not connected to the site you think you are. Also, the rogue site can now read everything you send it, including your login credentials.<br \/>\nTry This Signature Checking Tool<\/p>\n<p>A free Microsoft Sysinternals tool called sigcheck can detect suspicious certificates in your local certificate store. 
You can read about all of sigcheck\u2019s features and how they work, or download the zip file containing sigcheck.<\/p>\n<p>Extract <a href=\"https:\/\/goo.gl\/TPv0nJ\">sigcheck.exe<\/a> or <a href=\"https:\/\/download.sysinternals.com\/files\/Sigcheck.zip\">sigcheck64.exe<\/a> from the zip file, depending on whether you have a 32-bit or 64-bit Windows PC. (To find out which you have, click Start -&gt; Control Panel -&gt; System. The System panel will tell you whether you have 32-bit or 64-bit Windows. If it doesn&#8217;t say either, you have a 32-bit system.)<br \/>\nTo use sigcheck, click the Start button, type \u201ccmd\u201d in the search box, and hit Enter to open a command-line window.<br \/>\nNavigate to the folder that contains the extracted sigcheck executable file.<br \/>\nType \u201csigcheck -tv\u201d (or \u201csigcheck64 -tv\u201d on a 64-bit PC) and press Enter.<\/p>\n<p>This command lists certificates in your computer\u2019s certificate store that look valid but were not issued under a certificate authority that Microsoft trusts. There are many certificate authorities; each has its own \u201croot\u201d certificate, and Microsoft publishes a list of the trusted ones, which sigcheck downloads for the comparison (so you need an internet connection). A certificate that is valid but doesn\u2019t chain to one of those roots may (or may not) be a rogue certificate. Run the command a second time as \u201csigcheck -tuv\u201d to check your own user account\u2019s certificate store as well; malware running without administrator rights can plant certificates there.<\/p>\n<p>Ideally, you should see \u201cNo Certificates Found.\u201d If sigcheck does list some suspicious certificates, you will need to do some detective work to see which are legit and which should be deleted. Note the Thumbprint it prints for each one, so that you delete exactly the right certificate later.<\/p>\n<p>On my test machine, sigcheck flagged two certificates from Avast, my anti-malware program. Like many security suites, Avast offers a \u201cWeb Shield\u201d feature that monitors incoming browser traffic for signs of malware payloads or JavaScript attacks, and blocks them before they can do damage. To monitor an encrypted connection, Avast Web Shield has to install its own root certificate so that it can decrypt and inspect the traffic; that is the same mechanism a rogue certificate abuses, which is why sigcheck flags it. 
Avast needed to create a second certificate to provide real-time protection for my email, which is sent and received via an encrypted connection. So these Avast certificates can remain on my machine.<\/p>\n<p>Next, there\u2019s a certificate for &#8220;Machine\\TrustedPeople:Administrator.\u201d That would be me, or anyone with administrator privileges. So this certificate can remain, too.<\/p>\n<p>Certificates for \u201cHarmony(Test)\u201d and \u201cHarmonyNew(TEST)\u201d took a bit of googling. They seem to have been created during old Java installations, and serve no purpose now. Let\u2019s delete them.<br \/>\nHow to Delete Rogue or Unnecessary Certificates<\/p>\n<p>First, I recommend that you run a full malware scan on your system before deleting any certificates, to eradicate the malware that created the certificate(s). Otherwise, the malware may simply re-create the rogue certificates.<\/p>\n<p>To delete certificates, you\u2019ll use MMC.exe (Microsoft Management Console), a tool built into Windows. Open a command-line window, type MMC and press Enter to start it. (If prompted, click Yes to continue.) On Windows 8 and later you can skip the snap-in steps below by typing certlm.msc instead, which opens the computer\u2019s certificate store directly.<\/p>\n<p>Select \u201cFile\u201d and then \u201cAdd\/Remove Snap-in\u201d<br \/>\nSelect the snap-in \u201cCertificates\u201d in the left column on the next screen, then click the \u201cAdd\u201d button to move \u201cCertificates\u201d to the right column.<br \/>\nSelect \u201cComputer account\u201d on the next screen, then click Next<br \/>\nClick Finish on the final screen without changing anything.<br \/>\nClick \u201cOK\u201d on the Add\/Remove Snap-ins screen<\/p>\n<p>Now you see a folder tree on the left. The middle window shows the selected folder\u2019s contents, if any. Rogue root certificates live under \u201cTrusted Root Certification Authorities\u201d -&gt; \u201cCertificates\u201d; drill down the folder tree to find the certificate(s) you wish to delete, and double-click a certificate to compare its Thumbprint (on the Details tab) with the one sigcheck reported, so you remove exactly the certificate that was flagged. 
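<\/p>\n<p>If you would rather script this than click through MMC, here is an added PowerShell example; it is not from the original post and not an Avast or Microsoft tool, and the function names are the example\u2019s own. It does the same job as \u201csigcheck -tv\u201d and the MMC steps in a repeatable way: it compares the root certificates in both the computer\u2019s and your user account\u2019s Root stores against a baseline list of thumbprints you saved earlier from a PC you trust, lists anything that is not on that list, and deletes a certificate only by its exact thumbprint, after exporting a backup copy. The baseline file name and its location in your TEMP folder are assumptions for the example. It needs Windows 8 \/ PowerShell 3.0 or later, and an elevated (Run as administrator) PowerShell window to change the computer store.<\/p>

```powershell
# Added example, not part of the original post: audit the Windows root certificate
# stores with PowerShell (Windows 8 / PowerShell 3.0 or later; run elevated to touch
# the machine store). It compares the roots on this PC against a baseline saved from
# a machine you trust, and deletes a root only by thumbprint after backing it up.
# The baseline location below is an assumption for the example.

$BaselinePath = Join-Path $env:TEMP 'trusted-roots-baseline.txt'   # assumed location

# Step 1, run once on a known-good machine: record the thumbprints of its trusted roots.
function Export-RootBaseline {
    param([string]$Path = $BaselinePath)
    Get-ChildItem Cert:/LocalMachine/Root, Cert:/CurrentUser/Root |
        Select-Object -ExpandProperty Thumbprint -Unique |
        Set-Content -Path $Path
}

# Step 2, on the machine being audited: list roots that were not in the baseline.
# Both stores are checked because a per-user root can be planted without admin rights.
function Find-UnexpectedRoots {
    param([string]$Path = $BaselinePath)
    $known = @{}
    if (Test-Path $Path) {
        Get-Content $Path | ForEach-Object { $known[$_.Trim()] = $true }
    }
    foreach ($store in 'Cert:/LocalMachine/Root', 'Cert:/CurrentUser/Root') {
        Get-ChildItem $store | ForEach-Object {
            [pscustomobject]@{
                Store      = $store
                Subject    = $_.Subject
                Issuer     = $_.Issuer
                Thumbprint = $_.Thumbprint
                NotAfter   = $_.NotAfter
                # A genuine root is self-signed; anything else sitting in Root is odd.
                SelfSigned = ($_.Subject -eq $_.Issuer)
                InBaseline = $known.ContainsKey($_.Thumbprint)
            }
        } | Where-Object { -not $_.InBaseline }
    }
}

# Step 3: delete a root only after identifying it as rogue and after a malware scan
# (otherwise the malware simply re-creates it). The certificate is exported first so a
# mistaken deletion can be undone with Import-Certificate.
function Remove-RootByThumbprint {
    param(
        [Parameter(Mandatory)][string]$Thumbprint,
        [string]$Store = 'Cert:/LocalMachine/Root'
    )
    $cert = Get-ChildItem $Store | Where-Object { $_.Thumbprint -eq $Thumbprint }
    if (-not $cert) {
        Write-Warning ('No certificate with thumbprint {0} in {1}' -f $Thumbprint, $Store)
        return
    }
    $backup = Join-Path $env:TEMP ('{0}.cer' -f $Thumbprint)
    Export-Certificate -Cert $cert -FilePath $backup | Out-Null
    Remove-Item -Path $cert.PSPath
}

# Show what needs investigating on this machine.
Find-UnexpectedRoots | Format-Table Store, Subject, SelfSigned, NotAfter -AutoSize
```

<p>A root that is missing from your baseline is not automatically rogue, for the same reason sigcheck\u2019s results need detective work: Windows adds Microsoft-trusted roots to the store on demand, and security suites such as Avast add their own. Treat the list as leads to investigate, and finish the full malware scan before calling Remove-RootByThumbprint.<\/p>\n<p>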
Right-click on a certificate in the middle window and select \u201cDelete\u201d to delete it.<\/p>\n<p>I know this sounds a bit geeky, but if you follow the steps carefully, it&#8217;s not so hard, and will give you extra peace of mind.<br \/>\nHave a great week!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Security experts advise us not to enter passwords, credit card details, or other sensitive information on any website that does not provide an encrypted connection, and to use a bookmark to access sites that deal with banking or other private matters. But there&#8217;s a new threat being used by clever hackers to thwart both of &hellip; <a href=\"https:\/\/zoha-islands.com\/blog\/alert-rogue-certificates\/\" class=\"more-link\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[5],"tags":[],"_links":{"self":[{"href":"https:\/\/zoha-islands.com\/blog\/wp-json\/wp\/v2\/posts\/3695"}],"collection":[{"href":"https:\/\/zoha-islands.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zoha-islands.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zoha-islands.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/zoha-islands.com\/blog\/wp-json\/wp\/v2\/comments?post=3695"}],"version-history":[{"count":0,"href":"https:\/\/zoha-islands.com\/blog\/wp-json\/wp\/v2\/posts\/3695\/revisions"}],"wp:attachment":[{"href":"https:\/\/zoha-islands.com\/blog\/wp-json\/wp\/v2\/media?parent=3695"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zoha-islands.com\/blog\/wp-json\/wp\/v2\/categories?post=3695"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zoha-islands.com\/blog\/wp-json\/wp\/v2\/tags?post=3695"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","
templated":true}]}}