[cryptography] Microsoft Sub-CA used in malware signing

The Fungi fungi at yuggoth.org
Mon Jun 11 12:27:59 EDT 2012


On 2012-06-10 17:33:51 -0500 (-0500), Marsh Ray wrote:
[...]
> 	e2 - attacker bribes Microsoft personnel into issuing evil cert
[...]

<tinhat>It doesn't seem entirely outside the realm of possibility
since this was found in the wild in Flame, which in turn is
suspected to be a state-sponsored cyber espionage tool... it gives
Microsoft a plausible cover story.</tinhat>
-- 
{ IRL(Jeremy_Stanley); WWW(http://fungi.yuggoth.org/); PGP(43495829);
WHOIS(STANL3-ARIN); SMTP(fungi at yuggoth.org); FINGER(fungi at yuggoth.org);
MUD(kinrui at katarsis.mudpy.org:6669); IRC(fungi at irc.yuggoth.org#ccl); }



More information about the cryptography mailing list