Full Disclosure mailing list archives

Re: [Bogus] Microsoft AuthenticodeT webcam viewer plugin


From: "Lan Guy" <rlanguy () hotmail com>
Date: Wed, 29 Oct 2003 10:30:59 +0200

Some time, like 2 or 3 years ago, some group registered their own certs in
the name of Microsoft Corporation.
http://slashdot.org/articles/01/03/22/1947233.shtml
LG

----- Original Message ----- 
From: "Nick FitzGerald" <nick () virus-l demon co uk>
To: <full-disclosure () lists netsys com>
Sent: Wednesday, October 29, 2003 8:05 AM
Subject: Re: [Full-disclosure] [Bogus] Microsoft AuthenticodeT webcam viewer
plugin


"morning_wood" <se_cur_ity () hotmail com> wrote:

funny, didn't know Micro$oft had a
"Microsoft AuthenticodeT webcam viewer plugin "
... guess they're trying to make up for lost revenue by
going into the East European live teen webcam business
<<snip>>

FWIW, I think the biggest "problem" here is that a CA (Thawte in this
case) allows code-signing certificates with such ambiguous "names" as
"Browser Plugin" -- they should, for example, require at least some
minimum indication that this is from "Browser Plugin Inc" or "Browser
Plugin Ltd" or whatever.  Would they allow a cert in the company name
"IE Plugins" too?  Think about the surrounding text and see how
creative you can be in dreaming up a phrase you'd like to drop in
there to improve your SE chances...


Regards,

Nick FitzGerald

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

