[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <00fa01c3f586$5f23f280$021f10ac@bitchin>
From: mfratto at nwc.com (Mike Fratto)
Subject: trust? - win2k source code tools
> NOW EVERY EXECUTABLE IS TRUSTED AND DIGITALY SIGNED
>
> found this interesting...
> \win2k\private\inet\mshtml\build\scripts\tools\x86
>
> iexpress.exe
> signcode.exe
> makecert.exe ( DigSig.dll )
>
> ( in fast food voice ) and who would you like your package to
> be certified from today sir?
> \win2k\private\ispu\pkitrust\initpki\certs\
Nah, unless the private keys were in the directory, all you have are tools
to sign a binary. Big deal. The signatures aren't "trusted" until the target
has the certificate with the corresponding public key in the localkey store.
Powered by blists - more mailing lists