What Apple and Microsoft have done is like someone building a house is such a remote rural area where you don’t expect to meet another human for hundreds of miles. Then leave the door always open, be it day or night. Technically, your house is secure since no one is expected to come around; until they do.
News of Apple shipping MacOS High Sierra with no root password first surfaced late last month. It now appears Microsoft too has left the front door open on Windows security door, simply because it takes too much technical skills and the right person to dive that deep into the OS configurations.
Software developer Matthias Gliwka discovered a flaw in Microsoft’s wildcard transport layer security (TLS) certificate. Gliwka says it includes a private key when you are setting up a sandbox testing environment for Microsoft’s Customer Relationship Manager, Enterprise Resource Planning, and Dynamics 365 software.
The private key is flawed given when a hacker exports it, they can decrypt traffic that was earlier scrambled by a digital credential by impersonating the server. This trick will expose the user’s communication without ever …read more