[cryptography] DigiNotar SSL Hack Diagram | Cyber Chatter
lodewijk andré de la porte
lodewijkadlp at gmail.com
Tue Sep 20 19:45:41 EDT 2011
Mobile phones are mostly toys, and as such don't require solid security.
Until you use them to check you bank account that is. I doubt they'd ignore
that. The signing processes is likely only to have it be swallowed by
whatever 'secure execution' mechanism might be in place. I could be wrong
and they just figured the risks were negligible. They usually are, terms of
service usually include extensive non-liability.
2011/9/20 Peter Gutmann <pgut001 at cs.auckland.ac.nz>
> Marsh Ray <marsh at extendedsubset.com> writes:
> >Those are the Cyanogen guys. Android modders.
> The same people who used a "publicly available private key" to sign their
> code. Which, being publicly available to anyone, was promptly used by
> authors to sign *their* code.
> Reading through some of the Cyanogen threads, I get the impression they see
> security as a nuisance to be bypassed rather than a real requirement.
> cryptography mailing list
> cryptography at randombit.net
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the cryptography