Re: [Full-Disclosure] [Bogus] Microsoft AuthenticodeT webcam viewer plugin

From: Nick FitzGerald (nick_at_virus-l.demon.co.uk)
Date: 10/29/03

  • Next message: Brett Hutley: "Re: [Full-Disclosure] Off topic programming thread" 
    To: full-disclosure@lists.netsys.com
Date: Wed, 29 Oct 2003 19:05:28 +1300

    "morning_wood" <se_cur_ity@hotmail.com> wrote:

    > funny, didnt know Micro$oft had a
    > "Microsoft AuthenticodeT webcam viewer plugin "
    > ... guess there trying to make up for lost revenue by
    > going into the East European live teen webcam business
    <<snip>>

    FWIW, I think the biggest "problem" here is that a CA (Thawte in this
    case) allows code-signing certificates with such ambiguous "names" as
    "Browser Plugin" -- they should, for example, require at least some
    minimum indication that this is from "Browser Plugin Inc" or "Browser
    Plugin Ltd" or whatever. Would they allow a cert in the company name
    "IE Plugins" too? Think about the surrounding text and see how
    creative can you can be in dreaming up a phrase you'd like to drop in
    there to improve your SE chances...

    Regards,

    Nick FitzGerald

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

  • Next message: Brett Hutley: "Re: [Full-Disclosure] Off topic programming thread"
    • Quantcast