Microsoft Preparing WP7 Update To Block Fake SSL Certificates
"Microsoft is scrambling to protect its products from the potential vulnerabilities, and plans to release a Windows Phone 7 update to block the fake SSL certificates."
Earlier this week it was discovered that a Nation-Sponsored attack on Comodo affiliate "RA" had resulted in nine fake SSL certificates being issued. According to Microsoft, these fake SSL certificates could be used to "spoof content, perform phishing attacks, or perform man-in-the-middle attacks against all Web browser users including users of Internet Explorer." Microsoft has already updated its Windows operating system to protect users against the fake SSL certificates and are currently working on an update for its Windows Phone 7 OS.
The fake SSL certificates affected the following websites: login.live.com, mail.google.com, www.google.com, login.yahoo.com, login.skype.com and addons.mozilla.org. If you visit these sites on your phone you may want to use caution.