| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <3EC12F2A.4010200@gci.net> From: poirotsj at gci.net (Steve Poirot) Subject: MSN Webcam / Chat Spoof I don't know about IE, but with Netscape you can import the CRLs and arrange for automatic updates with the maximum frequency being once per day. John.Airey@...b.org.uk wrote: > Because Thawte don't have the hardware capabilities to do this. I'd > asked them this before and they told me it would be too difficult to > set this up. Even if they did, imagine how much network traffic would > be required for verifying every certificate worldwide? > > PKI as it is set up at the moment is as useful as the British MOT > test. All it says is that on a given day your identity (or car) was > satisfactorily inspected. The other 364 (or 365) days anything could > happen. > > > - > John Airey, BSc (Jt Hons), CNA, RHCE > Internet systems support officer, ITCSD, Royal National Institute of > the Blind, > Bakewell Road, Peterborough PE2 6XU, > Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@...b.org.uk > > Appeasement is the policy of being nice to a crocodile in the hope > that he will eat you last. (Winston Churchill) > > -----Original Message----- > From: Richard M. Smith [mailto:rms@...puterbytesman.com] > Sent: 12 May 2003 18:09 > To: full-disclosure@...ts.netsys.com > Subject: RE: [Full-Disclosure] MSN Webcam / Chat Spoof > > The other problem with Authenticode is that certifcates aren't > revokable. Why doesn't IE go back to Thawte to see if the > "Browser Plugin" certificate is still valid? > > Richard > > -----Original Message----- > From: full-disclosure-admin@...ts.netsys.com > [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of > Daniel Docekal > Sent: Monday, May 12, 2003 11:38 AM > To: 'Richard M. Smith'; full-disclosure@...ts.netsys.com > Subject: RE: [Full-Disclosure] MSN Webcam / Chat Spoof > > Sure Richard it is actually loader of dialer program itself - > it even updates itself any time it wants and it does anything > it wants. And there thousands of people who had this bad luck > to "use" that kind of software without properly realising what > they are doing. > > Concerning that certifitace - stop trusting things which > cannot be trusted. Would be any COmpany/Street text something > you can trust? Would it change any time that company relocates? > > It's problem of Microsoft who made this "authenticode" > verification so misguided and people that they even trust to > that. Actually one should not trust to anything that is not > personally known to him... > > -----Original Message----- > From: full-disclosure-admin@...ts.netsys.com > [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf > Of Richard M. Smith > Sent: Monday, May 12, 2003 4:10 PM > To: full-disclosure@...ts.netsys.com > Subject: RE: [Full-Disclosure] MSN Webcam / Chat Spoof > > The downloaded ActiveX file can be found at this URL: > http://80.96.118.2/ac/mw/MSN_QTPieJess1.exe > > I ran a strings on the file and the control is called: > TIBS Loader module and the ProgID is LoaderCon.LoaderCon. > I can't find anything on the Web about this particular > ActiveX control, but it wouldn't surprise me that it is > part of some sort adult dialer scheme. The control > appears to be more of a downloader program and not the > adult dialer itself. > > My question: Why can't an Authenticode certificate > present the following information to a user: > > - Company name > - Street address > - Phone number > - Web site URL > - Contact Email address > - Company logo > - Link to a product description page > > All this information can be verified when a company > applies for a Authenticode signing tool. The current > scheme is just plain silly as this MSN scam illustrates. > There is simply no way to verify where a piece of software > is really coming from. > > Richard > > > -----Original Message----- > From: full-disclosure-admin@...ts.netsys.com > [mailto:full-disclosure-admin@...ts.netsys.com] On > Behalf Of Daniel Do?ekal > Sent: Monday, May 12, 2003 2:08 AM > To: full-disclosure@...ts.netsys.com > Subject: RE: [Full-Disclosure] MSN Webcam / Chat Spoof > > Browser Plugin is ADULT DIALER - it connects via modem > to telephone service and you pay your sexy adventure > through your telephone bill. In many cases, there are > adult dialers committing fraud - they redirect your > dial-up internet connection to very expensive number > without your knowledge. > > -----Original Message----- > From: full-disclosure-admin@...ts.netsys.com > [mailto:full-disclosure-admin@...ts.netsys.com] On > Behalf Of Richard M. Smith > Sent: Monday, May 12, 2003 3:40 AM > To: full-disclosure@...ts.netsys.com; > secure@...rosoft.com > Subject: RE: [Full-Disclosure] MSN Webcam / Chat Spoof > > You missed the good part. If you actually go to > the "MSN" Web site and press the "Connect Now" > button, the site tries to download some > questionable ActiveX control. Not to worry however: > > Just press YES in the dialog box when it > appears. This operation is totally safe and > certified by Microsoft Authenticode(tm) > > The control is signed by "Browser Plugin". I > guess Thawte will give anyone an Authenticode > certificate nowadays. I wonder who "Browser > Plugin" really is? > > > > > - > > > NOTICE: The information contained in this email and any attachments is > > confidential and may be legally privileged. If you are not the > > intended recipient you are hereby notified that you must not use, > > disclose, distribute, copy, print or rely on this email's content. If > > you are not the intended recipient, please notify the sender > > immediately and then delete the email and any attachments from your > > system. > > > RNIB has made strenuous efforts to ensure that emails and any > > attachments generated by its staff are free from viruses. However, it > > cannot accept any responsibility for any viruses which are > > transmitted. We therefore recommend you scan all attachments. > > > Please note that the statements and views expressed in this email > > and any attachments are those of the author and do not necessarily > > represent those of RNIB. > > > RNIB Registered Charity Number: 226227 > > > Website: http://www.rnib.org.uk > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20030513/4d39e68a/attachment.html
Powered by blists - more mailing lists