Microsoft as issued an new security advisory about the possible way someone might be able to take your sensitive information using an invalid digital signature: [ad#ad2-right-1]
Microsoft is aware that research was published at a security conference proving a successful attack against X.509 digital certificates signed using the MD5 hashing algorithm. This attack method could allow an attacker to generate additional digital certificates with different content that have the same digital signature as an original certificate. The MD5 algorithm had previously shown a vulnerability, but a practical attack had not yet been demonstrated.
Although Microsoft has stated in the advisory most companies are using the SHA-1 algorithm. Some are still using the MD5 and should stop using it immediately. Microsoft says there is none in the wild but you can be bet on it someone will do it sooner or later. Certificate Authorities should stop using MD5 and go to a much stronger better Algorithm. This is what Microsoft is saying and they aren’t providing much information for the end-user on how to prevent from using MD5 certificates on your system. You can remove the MD5 certificate manually if you are a system administor and want to protect the computers at the office. Please don’t do this unless you know what your doing, you could very well break your system if you did something like this.
