Re: strange software > winsupdater.exe
Valdis.Kletnieks_at_vt.edu
Date: 03/17/05
- Previous message: k levinson: "Re: strange software > winsupdater.exe"
- In reply to: Harlan Carvey: "Re: strange software > winsupdater.exe"
- Next in thread: Nick FitzGerald: "Re: strange software > winsupdater.exe"
- Reply: Nick FitzGerald: "Re: strange software > winsupdater.exe"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: Harlan Carvey <keydet89@yahoo.com> Date: Thu, 17 Mar 2005 13:20:57 -0500
On Thu, 17 Mar 2005 03:08:14 PST, Harlan Carvey said:
> However, you _can_ get a warm fuzzy if the file has
> the MS file version information compiled into it.
And you verify the authenticity of your warm fuzzy how, exactly?
const char MS_version[] = "bogus MS file version info goes here";
(Remember - we've already had major worms that crafted a totally bogus
"X-Virus: scanned by" header claiming a real AV had scanned it....)
> That warm fuzzy can be increased if the file is
> digitally signed by MS.
First, go back and re-read http://www.cert.org/advisories/CA-2001-04.html
Second, remember that you're worried that the machine is compromised - and
you're asking it to verify the signature. Again, if the box is compromised,
the DLL that verifies signatures could be backdoored as well.
This is why you *really* need to boot from a known-clean CD and verify the
signatures from there.
- application/pgp-signature attachment: stored
- Previous message: k levinson: "Re: strange software > winsupdater.exe"
- In reply to: Harlan Carvey: "Re: strange software > winsupdater.exe"
- Next in thread: Nick FitzGerald: "Re: strange software > winsupdater.exe"
- Reply: Nick FitzGerald: "Re: strange software > winsupdater.exe"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
