funsec mailing list archives
RE: Sunbelt: Gromozon Malware Digitally Signed by Thawte
From: "Alex Eckelberry" <AlexE () sunbelt-software com>
Date: Wed, 12 Sep 2007 17:39:17 -0400
Ok, true, but it's not marketed as that, and it's not positioned as that, and people believe this thing means that it's somehow safe.
From Thawte's website:
http://www.thawte.com/ssl-digital-certificates/code-signing/index.html?click=main-nav-products-codesigning

# Gives your users recourse to the person who published it
# Promotes the Internet as a secure and viable platform for content distribution
# Inspires user confidence

And for chrissakes, this thing has been around for MONTHS. We're only breaking it now.

Alex

-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of Valdis.Kletnieks () vt edu
Sent: Wednesday, September 12, 2007 3:42 PM
To: Paul Ferguson
Cc: funsec () linuxbox org
Subject: Re: [funsec] Sunbelt: Gromozon Malware Digitally Signed by Thawte

On Wed, 12 Sep 2007 19:00:45 -0000, Paul Ferguson said:
> It's stuff like this that sometimes makes you just throw your hands in
> the air. http://sunbeltblog.blogspot.com/2007/09/for-shame-thawte-trusts-gromozon.html

Unfortunately, that's Working As Designed. Authentication vs Authorization.

Thawte has certified that malware really *is* from Gromozon, and not from some even sleazier entity pretending to be Gromozon. That's all they *claim* to do with their certificates. Whether you should trust the signed contents, knowing they *are* from Gromozon, is way out of scope for a certificate.