[cryptography] DigiNotar SSL Hack Diagram | Cyber Chatter

lodewijk andré de la porte lodewijkadlp at gmail.com
Tue Sep 20 19:45:41 EDT 2011


Mobile phones are mostly toys, and as such don't require solid security.
Until you use them to check your bank account, that is. I doubt they'd ignore
that. The signing process is likely only to have it be swallowed by
whatever 'secure execution' mechanism might be in place. I could be wrong
and they just figured the risks were negligible. They usually are, terms of
service usually include extensive non-liability.

Lewis

2011/9/20 Peter Gutmann <pgut001 at cs.auckland.ac.nz>

> Marsh Ray <marsh at extendedsubset.com> writes:
>
> >Those are the Cyanogen guys. Android modders.
>
> The same people who used a "publicly available private key" to sign their
> code.  Which, being publicly available to anyone, was promptly used by
> malware authors to sign *their* code.
>
> Reading through some of the Cyanogen threads, I get the impression they see
> security as a nuisance to be bypassed rather than a real requirement.
>
> Peter.
> _______________________________________________
> cryptography mailing list
> cryptography at randombit.net
> http://lists.randombit.net/mailman/listinfo/cryptography
>