Microsoft Unveils New Bing Certificate-Tracking Tool for Webmasters
The software giant is helping webmasters combat fraudulent site certificates with an update to Bing Webmaster Tools.Microsoft has updated Bing Webmaster Tools with new monitoring and reporting options that users can employ to fight back against fraudulent Websites that may be tarnishing their presumably good names. A preview of the feature, simply called Track Certificates, is found under the Security section, which also now contains the Malware Re-Evaluation tool and "allows you to track and review certificates that were requested by browsers visiting your site right from within Bing Webmaster Tools," announced Vincent Wehren, senior product lead of Bing Webmaster and Publisher Experiences at Microsoft, in a statement. The tool was built in collaboration with Microsoft's Operating Systems Group (OSG) Enterprise Security unit, he noted. Website operators have been struggling with fraudulent Secure Sockets Layer (SSL) certificates for years. Last month, the Certificate Authority Security Council (CASC), which counts GoDaddy, Comodo, DigiCert, Symantec and GlobalSign among its members, reported that it was making progress in safeguarding this vital piece of the Web security puzzle with efforts like Certificate Authority Authorization (CAA) and the elimination of "Internal Names," or non-unique identifiers, from SSL certificates. A year ago, Microsoft introduced its own approach called Certificate Reputation that uses Internet Explorer (IE) 11 telemetry—provided that users selected the browser's SmartScreen feature—to verify a certificate's validity. "If a new certificate issued by a different trusted CA (other than the one the site uses typically) is detected for a site, Certificate Reputation can flag it automatically," explained Microsoft.
Now Webmasters can join the hunt. "Track Certificate not only shows you the certificates we encountered, you can also directly report certificates to Microsoft if they look fraudulent or suspicious," said Wehren. "All reported certificates will be reviewed and appropriate action will be taken by Microsoft, including involving the issuing Certificate Authority, or informing other browser manufacturers about the certificate."