[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] trust? - win2k source code tools

To: <full-disclosure@lists.netsys.com>
Subject: [Full-Disclosure] trust? - win2k source code tools
From: "morning_wood" <se_cur_ity@hotmail.com>
Date: Mon, 16 Feb 2004 13:55:05 -0800

NOW EVERY EXECUTABLE IS TRUSTED AND DIGITALY SIGNED

found this interesting...
\win2k\private\inet\mshtml\build\scripts\tools\x86

iexpress.exe 
signcode.exe
makecert.exe ( DigSig.dll )

( in fast food voice ) and who would you like your package to be certified
from today sir?
\win2k\private\ispu\pkitrust\initpki\certs\



looks like the viri / trojan kiddies will have some fun with this.
yikes to PE format executables.

alas... i could be wrong,

m.wood

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] trust? - win2k source code tools
  - From: Sander <zion@gmx.de>
- RE: [Full-Disclosure] trust? - win2k source code tools
  - From: "Alan.l1" <alan.list1@ntlworld.com>
- RE: [Full-Disclosure] trust? - win2k source code tools
  - From: "Mike Fratto" <mfratto@nwc.com>

Prev by Date: RE: [Full-Disclosure] Misinformation in Security Advisories (ASN.1)
Next by Date: Re: [Full-Disclosure] New Security News Website
Previous by thread: Re: [Full-Disclosure] New Security News Website
Next by thread: Re: [Full-Disclosure] trust? - win2k source code tools
Index(es):
- Date
- Thread