[cryptography] Microsoft Sub-CA used in malware signing

Erwann Abalea eabalea at gmail.com
Tue Jun 5 05:37:35 EDT 2012


2012/6/5 Marsh Ray <marsh at extendedsubset.com>

> [...]
>
> An excerpt:
> "That’s right, every single enterprise user of Microsoft Terminal Services
> on the planet had a CA key that could issue as many code signing
> certificates as they wanted and for any name they wanted."
>
> It sounds as if Windows users might have a million code-signing DigiNotars
> to worry about.
>
>
md5withRSA, sequential serials, everybody-gets-a-CA...
This is depressing.

The timestamp on the signed objects allows the signature to stay valid for
much longer than the validity of the signer. So the 2 years validity for
TS-CA certificates is not a problem here.

-- 
Erwann.
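An added illustration, not part of Erwann's message or of any Microsoft code, of the timestamp point above: a small Python model of Authenticode-style validity in which a trusted timestamp moves the certificate check to the signing instant, so an expired 2-year signer still verifies unless the revocation's effective date precedes the timestamp. All dates, the certificate and the revocation values are constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

@dataclass
class SignerCert:
    not_before: datetime
    not_after: datetime
    # Effective revocation date if the cert was revoked, else None (constructed field).
    revoked_from: Optional[datetime] = None

def signature_trusted(cert: SignerCert, signed_at: Optional[datetime], now: datetime) -> bool:
    """Model of timestamp-aware code-signature validity.

    Without a timestamp countersignature the signer must be valid *now*.
    With one, the signer only needs to have been valid at the timestamped
    signing instant, so later expiry does not invalidate the signature.
    A revocation only bites if its effective date is at or before that instant.
    """
    check_at = signed_at if signed_at is not None else now
    if not (cert.not_before <= check_at <= cert.not_after):
        return False
    if cert.revoked_from is not None and cert.revoked_from <= check_at:
        return False
    return True

def demo() -> dict:
    """Constructed scenario: a 2-year signer cert, a timestamped signature, checked later."""
    utc = timezone.utc
    cert = SignerCert(datetime(2010, 1, 1, tzinfo=utc), datetime(2012, 1, 1, tzinfo=utc))
    signed = datetime(2011, 6, 1, tzinfo=utc)   # timestamp embedded in the signature
    now = datetime(2012, 6, 5, tzinfo=utc)      # verification happens after expiry
    revoked_late = SignerCert(cert.not_before, cert.not_after,
                              revoked_from=datetime(2012, 6, 4, tzinfo=utc))
    revoked_early = SignerCert(cert.not_before, cert.not_after,
                               revoked_from=datetime(2011, 1, 1, tzinfo=utc))
    return {
        "no_timestamp": signature_trusted(cert, None, now),            # expired -> False
        "timestamped": signature_trusted(cert, signed, now),           # still trusted -> True
        "revoked_after_signing": signature_trusted(revoked_late, signed, now),   # True
        "revoked_before_signing": signature_trusted(revoked_early, signed, now), # False
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'trusted' if ok else 'rejected'}")
```

The last two cases show why a revocation's effective date, not merely the act of revoking, decides whether already-timestamped signatures stop verifying.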