| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <27281793.11592371338819948306.JavaMail.juha-matti.laurio@netti.fi> Date: Mon, 4 Jun 2012 17:25:47 +0300 (EEST) From: Juha-Matti Laurio <juha-matti.laurio@...ti.fi> To: Georgi Guninski <guninski@...inski.com>, Shreyas Zare <shreyas@...fence.com> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: Unauthorized Digital Certificates Could Allow Spoofing Certification path of the certificate that was used to sign WUSetupV.exe used by the Flame malware [pic]: https://twitter.com/#!/mikko/status/209620723973636096 Juha-Matti Shreyas Zare [shreyas@...fence.com] wrote: > On Mon, Jun 4, 2012 at 7:21 PM, Georgi Guninski <guninski@...inski.com> wrote: > > > > http://technet.microsoft.com/en-us/security/advisory/2718704 > > Microsoft is aware of active attacks using unauthorized digital certificates derived from a Microsoft Certificate Authority. > > > > what does this mean? > > > > m$ inadvertently gave signing rights to lusers, they got rooted > > or something else? > > > https://blogs.technet.com/b/srd/archive/2012/06/03/microsoft-certification-authority-signing-certificates-added-to-the-untrusted-certificate-store.aspx?Redirected=true > > https://www.securityweek.com/microsoft-unauthorized-certificate-was-used-sign-flame-malware > > > Shreyas Zare > > Sr. Information Security Researcher > Secfence Technologies > www.secfence.com > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists