Re: Windows Vista Security Inherently Indeterminate?
- From: david20@xxxxxxxxxxxxxxxx
- Date: Tue, 3 Oct 2006 11:20:57 +0000 (UTC)
In article <4oetg1Fea96iU1@xxxxxxxxxxxxxx>, Sebastian Gottschalk <seppi@xxxxxxxxx> writes:
david20@xxxxxxxxxxxxxxxx wrote:
In article <4oeds5Fe7io6U1@xxxxxxxxxxxxxx>, Sebastian Gottschalk <seppi@xxxxxxxxx> writes:
BC wrote:
I'm sure there will be some clever reverse engineering to get some trusty
utility apps working again, but then clever hackers and virus writers
will probably be able to do likewise.
As I already mentioned, the evil guys can simply aquire a certificate from
VeriSign. Thank you, Microsoft, for choosing the most incompentent CA.
Come on this was over 5 years ago now
http://www.verisign.com/support/advisories/authenticodefraud.html
It was 5 years ago since the still ongoing series of such incidents
started.
Please post details of subsequent incidents where Verisign has signed
certificates for someone falsely claiming to be Microsoft.
I can't say I particularly like any of the CAs and Verisign has abused it's
power in the past - such as with it's wildcarded A records for the .com and
..net top level domains. But still attacking them for this incident with the
"Microsoft certificates" after five years seems excessive.
David Webb
Security team leader
CCSS
Middlesex University
.
- Follow-Ups:
- References:
- Prev by Date: Re: Windows Vista Security Inherently Indeterminate?
- Next by Date: Re: Windows Vista Security Inherently Indeterminate?
- Previous by thread: Re: Windows Vista Security Inherently Indeterminate?
- Next by thread: Re: Windows Vista Security Inherently Indeterminate?
- Index(es):
Relevant Pages
|
|
