[Full-Disclosure] [Bogus] Microsoft AuthenticodeT webcam viewer plugin
Lan Guy
rlanguy at hotmail.com
Wed Oct 29 08:30:59 GMT 2003
Some time, like 2 or 3 years ago some group registered their Own Certs in
the name of Microsoft Corporation.
http://slashdot.org/articles/01/03/22/1947233.shtml
LG
----- Original Message -----
From: "Nick FitzGerald" <nick at virus-l.demon.co.uk>
To: <full-disclosure at lists.netsys.com>
Sent: Wednesday, October 29, 2003 8:05 AM
Subject: Re: [Full-Disclosure] [Bogus] Microsoft AuthenticodeT webcam viewer
plugin
> "morning_wood" <se_cur_ity at hotmail.com> wrote:
>
> > funny, didnt know Micro$oft had a
> > "Microsoft AuthenticodeT webcam viewer plugin "
> > ... guess there trying to make up for lost revenue by
> > going into the East European live teen webcam business
> <<snip>>
>
> FWIW, I think the biggest "problem" here is that a CA (Thawte in this
> case) allows code-signing certificates with such ambiguous "names" as
> "Browser Plugin" -- they should, for example, require at least some
> minimum indication that this is from "Browser Plugin Inc" or "Browser
> Plugin Ltd" or whatever. Would they allow a cert in the company name
> "IE Plugins" too? Think about the surrounding text and see how
> creative can you can be in dreaming up a phrase you'd like to drop in
> there to improve your SE chances...
>
>
> Regards,
>
> Nick FitzGerald
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
Full-Disclosure is hosted and sponsored by Secunia.