[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] [Full Disclosure] Unauthorized Digital Certificates Could Allow Spoofing
- To: imipak <imipak@xxxxxxxxx>
- Subject: Re: [Full-disclosure] [Full Disclosure] Unauthorized Digital Certificates Could Allow Spoofing
- From: Georgi Guninski <guninski@xxxxxxxxxxxx>
- Date: Mon, 4 Jun 2012 20:33:16 +0300
Thank you all for the information :)
On Mon, Jun 04, 2012 at 03:06:41PM +0100, imipak wrote:
> > what does this mean?
> >
> > m$ inadvertently gave signing rights to lusers, they got rooted or
> something else?
> >
>
> http://blogs.technet.com/b/srd/archive/2012/06/03/microsoft-certification-authority-signing-certificates-added-to-the-untrusted-certificate-store.aspx
>
> says:
>
> "[..] certificates issued by our Terminal Services licensing certification
> authority, which are intended to only be used for license server
> verification, could also be used to sign code as Microsoft. Specifically,
> when an enterprise customer requests a Terminal Services activation
> license, the certificate issued by Microsoft in response to the request
> allows code signing without accessing Microsoft’s internal PKI
> infrastructure."
>
>
> -i
>
> --
> wake up the past
> and tell it to stay away
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/