Ho appena ricevuto questa:
> To: EVERYONE; New York Office
> Subject: FW: SECURITY ALERT!! MS Digitial Certificate SPOOF! PLEASE REA
> D ASAP
> Importance: High
> > Importance: High
> > Hello,
> > Below you will find a rather technical bulletin about a very serious
> > security risk. In layman’s terms, someone has figured out a way to
> > imitate Microsoft on the Internet, putting everyone at a high risk of
> > downloading viruses. This means even when the best security protocols
> > have is saying you are downloading from a trusted source, namely
> > Microsoft, these protocols have been compromised and you have no way of
> > knowing whether you are getting safe files or not. Microsoft is working
> > on a fix, but for the present moment the only way we have to make sure
> > keep viruses out of our computing environment is to refrain from
> > downloading software off the internet. No matter how innocuous you
> > a file might be, whether it be pictures, sound files, games, utilities,
> > even operating system updates, do not download them to your Schwab
> > machine. If you have a business need for software or any type let your
> > support organization know and they can get what you need, making sure
> > you get is safe. That’s what they pay us for after all. If you have
> > questions, don’t hesitate to ask.
> > Remember, without a secure, stable computing environment, we can’t do
> > business no matter what the market conditions.
> > There are two erroneously issued digital certificates by VERISIGN out in
> > the wild which incorrectly says Microsoft owns them. A certificate is
> > typically used to indicate authentic, legitimate, and can be trusted.
> > MicroSoft is developing a FIX.
> > WHAT THIS MEANS TO YOU:
> > * If you download (Microsoft) programs (e.g. MS9x MS2K, MS Office -
> > Outlook, Word, Excel, etc.), IE updates, MS Sql Server, NT, Service
> > Hot Fixes, etc) from non-Schwab secured locations(ICS, IDG, ECS-NT, etc)
> > you are at greater risk of pulling down malicious code such as trojan
> > horses, keystroke & password capture programs, etc.
> > ACTION TO BE TAKEN:
> > * Until further notice, we recommend you not trust digital
> > certificates from Microsoft UNTIL we get a fix from Microsoft.
> > * Do not download software of any kind to your machine.
> > * Communicate to your colleagues and customers the same message.
> IT Group