[145915] in cryptography@c2.net mail archive
Re: Certificate-stealing Trojan
daemon@ATHENA.MIT.EDU (Rose, Greg)
Mon Sep 27 21:40:02 2010
From: "Rose, Greg" <ggr@qualcomm.com>
To: Steven Bellovin <smb@cs.columbia.edu>
CC: "Rose, Greg" <ggr@qualcomm.com>, Cryptography List
<cryptography@metzdowd.com>
Date: Mon, 27 Sep 2010 18:26:08 -0700
In-Reply-To: <5FC0DAF5-1B42-4F8D-826F-55F0BB21303D@cs.columbia.edu>
On 2010 Sep 24, at 12:47 , Steven Bellovin wrote:
> Per http://news.softpedia.com/news/New-Trojan-Steals-Digital-Certificates=
-157442.shtml there's a new Trojan out there that looks for a steals Cert_*=
.p12 files -- certificates with private keys. Since the private keys are p=
assword-protected, it thoughtfully installs a keystroke logger as well....
Ah, the irony of a trojan stealing something that, because of lack of PKI, =
is essentially useless anyway...
100 years from now they'll be blaming the trojan for lack of a certificate =
infrastructure.
Greg.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
