Full Disclosure mailing list archives
Re: MSN Webcam / Chat Spoof
From: Valdis.Kletnieks () vt edu
Date: Mon, 12 May 2003 13:33:58 -0400
On Mon, 12 May 2003 10:09:32 EDT, "Richard M. Smith" <rms () computerbytesman com> said:
My question: Why can't an Authenticode certificate present the following information to a user: - Company name - Street address - Phone number - Web site URL - Contact Email address - Company logo - Link to a product description page
OK.. .So you get a cert - now other than "phone number", is there anything there that *really* increases your confidence level (given that you have 2 http:// and a mailto: URL, and they could all point at a hijacked server)? Remember that there has already been one well-publicized case of Verisign issuing a bogus Microsoft cert - there's no proof they haven't made the same social-engineering whoops on possibly *dozens* of lesser-known software houses. And after the dot-bombed era, there's probably a *lot* of places that had certs and went belly up - and said certs went out the door when the servers they were on got surplused. I'm sure snooping around the right hacker IRC channels will find you a pointer to a black-market cert that you can have a copy of....
Attachment:
_bin
Description:
Current thread:
- MSN Webcam / Chat Spoof morning_wood (May 11)
- RE: MSN Webcam / Chat Spoof Richard M. Smith (May 11)
- <Possible follow-ups>
- RE: MSN Webcam / Chat Spoof Daniel Dočekal (May 11)
- RE: MSN Webcam / Chat Spoof Richard M. Smith (May 12)
- RE: MSN Webcam / Chat Spoof Daniel Dočekal (May 12)
- RE: MSN Webcam / Chat Spoof Richard M. Smith (May 12)
- Re: MSN Webcam / Chat Spoof Valdis . Kletnieks (May 12)
- RE: MSN Webcam / Chat Spoof Richard M. Smith (May 12)
- RE: MSN Webcam / Chat Spoof Richard M. Smith (May 12)
- Re: MSN Webcam / Chat Spoof Steve Poirot (May 13)
- Re: MSN Webcam / Chat Spoof yossarian (May 13)