[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] [Bogus] Microsoft AuthenticodeT webcam viewer plugin
- To: <nick@virus-l.demon.co.uk>, <full-disclosure@lists.netsys.com>
- Subject: Re: [Full-Disclosure] [Bogus] Microsoft AuthenticodeT webcam viewer plugin
- From: "Lan Guy" <rlanguy@hotmail.com>
- Date: Wed, 29 Oct 2003 10:30:59 +0200
Some time, like 2 or 3 years ago some group registered their Own Certs in
the name of Microsoft Corporation.
http://slashdot.org/articles/01/03/22/1947233.shtml
LG
----- Original Message -----
From: "Nick FitzGerald" <nick@virus-l.demon.co.uk>
To: <full-disclosure@lists.netsys.com>
Sent: Wednesday, October 29, 2003 8:05 AM
Subject: Re: [Full-Disclosure] [Bogus] Microsoft AuthenticodeT webcam viewer
plugin
> "morning_wood" <se_cur_ity@hotmail.com> wrote:
>
> > funny, didnt know Micro$oft had a
> > "Microsoft AuthenticodeT webcam viewer plugin "
> > ... guess there trying to make up for lost revenue by
> > going into the East European live teen webcam business
> <<snip>>
>
> FWIW, I think the biggest "problem" here is that a CA (Thawte in this
> case) allows code-signing certificates with such ambiguous "names" as
> "Browser Plugin" -- they should, for example, require at least some
> minimum indication that this is from "Browser Plugin Inc" or "Browser
> Plugin Ltd" or whatever. Would they allow a cert in the company name
> "IE Plugins" too? Think about the surrounding text and see how
> creative can you can be in dreaming up a phrase you'd like to drop in
> there to improve your SE chances...
>
>
> Regards,
>
> Nick FitzGerald
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html