Full Disclosure mailing list archives
Re: Creating a rogue CA certificate
From: chort <chort0 () gmail com>
Date: Tue, 30 Dec 2008 15:29:54 -0800
On Tue, Dec 30, 2008 at 2:42 PM, n3td3v <xploitable () gmail com> wrote:
On Tue, Dec 30, 2008 at 10:29 PM, <Valdis.Kletnieks () vt edu> wrote:On Tue, 30 Dec 2008 20:10:16 GMT, n3td3v said:Aiding script kids to get credit card numbers out of folks e-commerce purchases.Dear Idiot: This is hardly an attack that the average script kiddie can pull off.Until HD Moore releases an attack module for it.
Since you're so certain this is possible, could you kindly summarize (at a high level, no need for detail) how this could be accomplished? Now that you're unable to do so, I will explain why: Because you don't have a clue how PKI works, much less how it's possible to exploit it, which is really tragic considering there are plenty of pretty graphs and dumbed-down explanations out there now that even a drop-out should be able to comprehend. Assuming source code, or even full attack details, are published any time soon, will HD Moore also be sending out free super-computing clusters to find the MD5 collisions? Well he be sending free money to buy the certificates required to accurately predict the serial number to generate? This isn't some SQL injection or remote buffer overflow, there are a lot of manual steps involved that cannot simply be plugged into a generic attack platform. You're an ignorant fool. You should ask questions to learn how things work before you spout opinions. Statements are only thought-provoking if they're made based on comprehension of the subject matter. The only thing you have full comprehension of is how to hit Send, and that's quite unfortunate. -- chort _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Creating a rogue CA certificate Elazar Broad (Dec 30)
- Re: Creating a rogue CA certificate James Matthews (Dec 30)
- Re: Creating a rogue CA certificate n3td3v (Dec 30)
- Re: Creating a rogue CA certificate j-f sentier (Dec 30)
- Re: Creating a rogue CA certificate Ureleet (Dec 30)
- Re: Creating a rogue CA certificate Nelson Murilo (Dec 30)
- Re: Creating a rogue CA certificate Ureleet (Dec 30)
- Re: Creating a rogue CA certificate Valdis . Kletnieks (Dec 30)
- Re: Creating a rogue CA certificate don bailey (Dec 30)
- Re: Creating a rogue CA certificate n3td3v (Dec 30)
- Re: Creating a rogue CA certificate chort (Dec 30)
- Re: Creating a rogue CA certificate Valdis . Kletnieks (Dec 30)
- Re: Creating a rogue CA certificate chort (Dec 30)
- Re: Creating a rogue CA certificate Valdis . Kletnieks (Dec 30)
- Re: Creating a rogue CA certificate chort (Dec 30)
- Re: Creating a rogue CA certificate j-f sentier (Dec 30)
- Re: Creating a rogue CA certificate Ureleet (Dec 31)
- <Possible follow-ups>
- Re: Creating a rogue CA certificate Elazar Broad (Dec 30)
- Re: Creating a rogue CA certificate Elazar Broad (Dec 30)
- Re: Creating a rogue CA certificate Valdis . Kletnieks (Dec 30)
- Re: Creating a rogue CA certificate Elazar Broad (Dec 31)