[145621] in cryptography@c2.net mail archive
Re: A mighty fortress is our PKI, Part II
daemon@ATHENA.MIT.EDU (David-Sarah Hopwood)
Wed Aug 4 21:37:31 2010
Date: Thu, 05 Aug 2010 02:30:18 +0100
From: David-Sarah Hopwood <david-sarah@jacaranda.org>
To: cryptography@metzdowd.com
In-Reply-To: <4C59BFB5.9080607@garlic.com>
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
Anne & Lynn Wheeler wrote:
> Kaspersky: Sham Certificates Pose Big Problem for Windows Security
> http://www.ecommercetimes.com/story/70553.html
>
> from above ..
>
> Windows fails to clearly indicate when digital security certificates
> have been tampered with, according to Kaspersky Lab's Roel Schouwenberg,
> and that opens a door for malware makers.

Huh? I don't understand the argument being made here.

Obviously Windows can't distinguish an unsigned executable from one where
there was a signature that has been stripped. How could it possibly do that?

Signatures are largely a distraction from the real problem: that software
is (unnecessarily) run with the full privileges of the invoking user.
By all means authenticate software, but that's not going to prevent malware.

--
David-Sarah Hopwood ⚥ http://davidsarah.livejournal.com
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com