Dailydave mailing list archives

Re: XP SP2


From: Corey Gilmore <cfg () dln uvm edu>
Date: Thu, 12 Aug 2004 14:21:54 -0400 (EDT)

On Thu, 12 Aug 2004, Florian Weimer wrote:

> * Andrew R. Reiter:
>
>> I saw a post on full-disclosure stating M$ did not produce any sort of sum
>> verification (i.e., md5) for the update; if this is true, how did you
>> verify the update you had was the one from M$?
>
> It's probably signed using AuthentiCode.  You should be able to check
> the signature using the Properties dialog.  (I've never done this,
> though.)


It is signed; there is a noticeable delay when opening the properties for
the network install, and explorer.exe talks to a server to verify the
certificate.  After 10 seconds or so the Properties window updates and a
Digital Signatures tab becomes available.  MS signed it, VeriSign
countersigned it.  

Changing the installer package invalidates the signature.
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave
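
The closing remark in the message above, that changing the installer package invalidates the signature, follows from which bytes the Authenticode digest covers. The following is an added example, not part of the original post or of any Microsoft tool: a simplified Python computation of that digest over constructed PE32-shaped bytes. `build_sample`, the payloads and the placeholder signature blob are assumptions made for the demonstration, and the code assumes the certificate table sits at the end of the file.

```python
import hashlib
import struct

def authenticode_digest(pe: bytes, algo: str = "sha256") -> str:
    """Digest over the parts of a PE file that an Authenticode signature covers."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    pe_off = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = pe_off + 4 + 20                       # optional header follows 20-byte COFF header
    magic = struct.unpack_from("<H", pe, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    checksum = opt + 64                         # CheckSum field (4 bytes), excluded
    sec_dir = opt + (96 if magic == 0x10B else 112) + 4 * 8  # Certificate Table entry
    cert_off, cert_size = struct.unpack_from("<II", pe, sec_dir)
    end = cert_off if cert_size else len(pe)    # the signature blob itself is excluded
    h = hashlib.new(algo)
    h.update(pe[:checksum])
    h.update(pe[checksum + 4:sec_dir])
    h.update(pe[sec_dir + 8:end])
    return h.hexdigest()

def build_sample(payload: bytes, signature: bytes = b"", checksum: int = 0) -> bytes:
    """Constructed PE32-shaped bytes (not a loadable program) for the demonstration."""
    pe_off = 0x40
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", pe_off)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)                        # 96 fixed bytes + 16 data directories
    struct.pack_into("<H", opt, 0, 0x10B)       # PE32 magic
    struct.pack_into("<I", opt, 64, checksum)
    struct.pack_into("<I", opt, 92, 16)         # NumberOfRvaAndSizes
    if signature:                               # point the Certificate Table past the payload
        cert_off = pe_off + 4 + len(coff) + len(opt) + len(payload)
        struct.pack_into("<II", opt, 96 + 32, cert_off, len(signature))
    return dos + b"PE\0\0" + coff + bytes(opt) + payload + signature

# Constructed inputs: same payload unsigned and "signed", plus a one-byte modification.
UNSIGNED = build_sample(b"installer payload")
SIGNED = build_sample(b"installer payload", b"PLACEHOLDER-PKCS7", checksum=0xBEEF)
TAMPERED = build_sample(b"installer pAyload", b"PLACEHOLDER-PKCS7", checksum=0xBEEF)

if __name__ == "__main__":
    for name, blob in (("unsigned", UNSIGNED), ("signed", SIGNED), ("tampered", TAMPERED)):
        print(f"{name:9s}{authenticode_digest(blob)}")
```

The unsigned and signed digests match because the checksum, the Certificate Table entry and the signature blob are skipped, so attaching a signature does not change what was signed. The one-byte change to the payload yields a different digest, which is why a verifier rejects the modified package.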

