Code signing FTW!

[Dave Aitel <dave () immunityinc com>]

Good Muse Everyone!
http://blogs.adobe.com/asset/2012/09/inappropriate-use-of-adobe-code-signing-certificate.html

My fav. line in the above is " There is no evidence to date that any
source code was stolen."

I mean, aside from the obvious fact that the attackers were knowledgable
enough about the organization to find and use the custom code-signing
API. The Chinese modus operandi is to dump tools that have been
discovered, so maybe we will be lucky enough to see them posted to a
Chinese forum shortly?

If it affects the Windows platform, does that mean attackers can
autoupdate your Reader with signed versions of pwdump? Hard to know from
the Adobe press release.

(That said, the Key itself was stored on hardware, which is a step up
from the Fedora attack...)

-dave

-- 
INFILTRATE - the world's best offensive information security conference.
April 2013 in Miami Beach
www.infiltratecon.com

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave