| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: rlanguy at hotmail.com (Lan Guy) Subject: [Bogus] Microsoft AuthenticodeT webcam viewer plugin Some time, like 2 or 3 years ago some group registered their Own Certs in the name of Microsoft Corporation. http://slashdot.org/articles/01/03/22/1947233.shtml LG ----- Original Message ----- From: "Nick FitzGerald" <nick@...us-l.demon.co.uk> To: <full-disclosure@...ts.netsys.com> Sent: Wednesday, October 29, 2003 8:05 AM Subject: Re: [Full-Disclosure] [Bogus] Microsoft AuthenticodeT webcam viewer plugin > "morning_wood" <se_cur_ity@...mail.com> wrote: > > > funny, didnt know Micro$oft had a > > "Microsoft AuthenticodeT webcam viewer plugin " > > ... guess there trying to make up for lost revenue by > > going into the East European live teen webcam business > <<snip>> > > FWIW, I think the biggest "problem" here is that a CA (Thawte in this > case) allows code-signing certificates with such ambiguous "names" as > "Browser Plugin" -- they should, for example, require at least some > minimum indication that this is from "Browser Plugin Inc" or "Browser > Plugin Ltd" or whatever. Would they allow a cert in the company name > "IE Plugins" too? Think about the surrounding text and see how > creative can you can be in dreaming up a phrase you'd like to drop in > there to improve your SE chances... > > > Regards, > > Nick FitzGerald > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html >
Powered by blists - more mailing lists