Full Disclosure mailing list archives
Re: [Bogus] Microsoft AuthenticodeT webcam viewer plugin
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Thu, 30 Oct 2003 10:55:01 +1300
"Lan Guy" <rlanguy () hotmail com> wrote:
Some time, like 2 or 3 years ago some group registered their Own Certs in the name of Microsoft Corporation. http://slashdot.org/articles/01/03/22/1947233.shtml
Yeah, I know. That's why I take anything with a Verisign cert with two grains of salt -- at least if the signature is good I know the file is unchanged relative to what whoever signed it wanted me to get, but beyond that I expect _nothing_. Oddly MS did not immediately drop Verisign, get a whole bunch of new certs from another CA and revoke all their Verisign certs. That alone showed that either MS did not value at the all the tiny additional amount of "trust" a truly good CA can add to the equation, or that MS did not understand (or, more likely, was unprepared for marketing reasons to admit) that Authenticode is really just a sham adding nothing of significant value to the security of mobile code. Regards, Nick FitzGerald _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- [Bogus] Microsoft AuthenticodeT webcam viewer plugin morning_wood (Oct 28)
- Re: [Bogus] Microsoft AuthenticodeT webcam viewer plugin Nick FitzGerald (Oct 28)
- Re: [Bogus] Microsoft AuthenticodeT webcam viewer plugin Lan Guy (Oct 29)
- Re: [Bogus] Microsoft AuthenticodeT webcam viewer plugin Nick FitzGerald (Oct 29)
- Re: [Bogus] Microsoft AuthenticodeT webcam viewer plugin Valdis . Kletnieks (Oct 29)
- Re: [Bogus] Microsoft AuthenticodeT webcam viewer plugin Lan Guy (Oct 29)
- Re: [Bogus] Microsoft AuthenticodeT webcam viewer plugin Andrew Clover (Oct 29)
- Re: [Bogus] Microsoft AuthenticodeT webcam viewer plugin Nick FitzGerald (Oct 29)
- Re: [Bogus] Microsoft AuthenticodeT webcam viewer plugin Andrew Clover (Oct 29)
- Re: [Bogus] Microsoft AuthenticodeT webcam viewer plugin George Capehart (Oct 29)
- Re: [Bogus] Microsoft AuthenticodeT webcam viewer plugin Valdis . Kletnieks (Oct 29)
- Re: [Bogus] Microsoft AuthenticodeT webcam viewer plugin Nick FitzGerald (Oct 28)
- <Possible follow-ups>
- Re: [Bogus] Microsoft AuthenticodeT webcam viewer plugin Andrew Clover (Oct 29)