funsec mailing list archives

RE: Sunbelt: Gromozon Malware Digitally Signed by Thawte


From: "Alex Eckelberry" <AlexE () sunbelt-software com>
Date: Wed, 12 Sep 2007 17:39:17 -0400

Ok, true, but it's not marketed as that, and it's not positioned as
that, and people believe this thing means that it's somehow safe. 

From Thawte's website: 

http://www.thawte.com/ssl-digital-certificates/code-signing/index.html?click=main-nav-products-codesigning

# Gives your users recourse to the person who published it
# Promotes the Internet as a secure and viable platform for content distribution
# Inspires user confidence

And for chrissakes, this thing has been around for MONTHS.  We're only
breaking it now.  

Alex


-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org]
On Behalf Of Valdis.Kletnieks () vt edu
Sent: Wednesday, September 12, 2007 3:42 PM
To: Paul Ferguson
Cc: funsec () linuxbox org
Subject: Re: [funsec] Sunbelt: Gromozon Malware Digitally Signed by
Thawte

On Wed, 12 Sep 2007 19:00:45 -0000, Paul Ferguson said:

It's stuff like this that sometimes makes you just throw your hands in the air.

http://sunbeltblog.blogspot.com/2007/09/for-shame-thawte-trusts-gromozon.html

Unfortunately, that's Working As Designed.  Authentication vs
Authorization.

Thawte has certified that malware really *is* from Gromozon, and not
from some even sleazier entity pretending to be Gromozon.  That's all
they *claim* to do with their certificates.

Whether you should trust the signed contents, knowing they *are* from
Gromozon, is way out of scope for a certificate.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
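A small Go program, added here to make the authentication-vs-authorization point concrete (it is not code from the thread, from Sunbelt or from any CA). It builds a constructed code-signing CA and a constructed publisher certificate, verifies a detached signature and the chain to the trusted root, and only then consults a local allowlist; the CA name, publisher name, allowlist entry and binary bytes are all constructed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// Verdict keeps the two questions apart: is the signature genuine (authentication), and do we choose to run this publisher's code (authorization)?
type Verdict struct{ Authenticated, Authorized bool }

// issue creates a code-signing certificate for cn and its key; with parent == nil it is a self-signed root, otherwise it is signed by pkey.
func issue(cn string, ca bool, parent *x509.Certificate, pkey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: ca, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning},
	}
	if parent == nil {
		parent, pkey = tmpl, key // self-signed root
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, pkey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// CheckBinary verifies the signature and the chain to roots (what a CA vouches for), then consults the local allowlist (what a CA never decides).
func CheckBinary(binary, sig []byte, signer *x509.Certificate, roots *x509.CertPool, allow map[string]bool) Verdict {
	digest := sha256.Sum256(binary)
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning}}
	if _, err := signer.Verify(opts); err != nil || !ecdsa.VerifyASN1(signer.PublicKey.(*ecdsa.PublicKey), digest[:], sig) {
		return Verdict{} // unverifiable: treat as unsigned, answer no to both questions
	}
	return Verdict{Authenticated: true, Authorized: allow[signer.Subject.CommonName]}
}

// Demo signs a constructed binary with a publisher certified by a constructed CA we trust; the publisher is deliberately absent from the allowlist.
func Demo() Verdict {
	ca, caKey := issue("Constructed Code Signing CA", true, nil, nil)
	publisher, pubKey := issue("Constructed Publisher", false, ca, caKey)
	binary := []byte("constructed installer bytes") // constructed sample input
	digest := sha256.Sum256(binary)
	sig, _ := ecdsa.SignASN1(rand.Reader, pubKey, digest[:])
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	return CheckBinary(binary, sig, publisher, roots, map[string]bool{"Known Good Vendor": true})
}
```

Demo returns Authenticated true and Authorized false: the chain proves who signed the bytes, and the allowlist is the separate decision about whether to trust them.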

