lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <00fa01c3f586$5f23f280$021f10ac@bitchin>
From: mfratto at nwc.com (Mike Fratto)
Subject: trust? - win2k source code tools


> NOW EVERY EXECUTABLE IS TRUSTED AND DIGITALY SIGNED
> 
> found this interesting... 
> \win2k\private\inet\mshtml\build\scripts\tools\x86
> 
> iexpress.exe 
> signcode.exe
> makecert.exe ( DigSig.dll )
> 
> ( in fast food voice ) and who would you like your package to 
> be certified from today sir? 
> \win2k\private\ispu\pkitrust\initpki\certs\

Nah, unless the private keys were in the directory, all you have are tools
to sign a binary. Big deal. The signatures aren't "trusted" until the target
has the certificate with the corresponding public key in the localkey store.


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ