Dailydave mailing list archives
Re: Your trusted computing base is not what you think it is! :>
From: Shane <shane () security-objectives com>
Date: Thu, 15 Jul 2010 10:26:07 -0700
The good thing about their signing key is that it's static (does not change too often) and can be revoked, if not the value is actually higher than their source (key not changing, one time theft = high value, vs. source code/changes frequently = value goes down over time). Hopefully the revocation procedure is being enforced. =). I've almost never seen a verified FF addon...

On 7/15/2010 8:00 AM, dave wrote:
Here are some trojans signed by a key from realtek, supposably. How cool is that! You have to assume the signing key was at least as protected as their source code, right? :>
http://anti-virus.by/en/tempo.shtml

Likewise, people tend to ignore that when you send your bugs to CERT or MS, it's likely the Russian organized crime is also reading it.

And, as pointed out:
http://news.netcraft.com/archives/2010/07/15/firefox-security-test-add-on-was-backdoored.html

So it's been an entertaining week! :>

-dave
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Your trusted computing base is not what you think it is! :> dave (Jul 15)
- Re: Your trusted computing base is not what you think it is! :> Shane (Jul 15)
- Re: Your trusted computing base is not what you think it is! :> Florian Weimer (Jul 19)