Full Disclosure mailing list archives

trust? - win2k source code tools

From: "morning_wood" <se_cur_ity () hotmail com>
Date: Mon, 16 Feb 2004 13:55:05 -0800

NOW EVERY EXECUTABLE IS TRUSTED AND DIGITALY SIGNED

found this interesting...
\win2k\private\inet\mshtml\build\scripts\tools\x86

iexpress.exe 
signcode.exe
makecert.exe ( DigSig.dll )

( in fast food voice ) and who would you like your package to be certified
from today sir?
\win2k\private\ispu\pkitrust\initpki\certs\



looks like the viri / trojan kiddies will have some fun with this.
yikes to PE format executables.

alas... i could be wrong,

m.wood

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

trust? - win2k source code tools morning_wood (Feb 16)
- Re: trust? - win2k source code tools Sander (Feb 16)
  - Re: trust? - win2k source code tools Valdis . Kletnieks (Feb 16)
  - Re: trust? - win2k source code tools Cael Abal (Feb 16)
- RE: trust? - win2k source code tools Alan.l1 (Feb 17)
- RE: trust? - win2k source code tools Mike Fratto (Feb 17)
- <Possible follow-ups>
- RE: trust? - win2k source code tools Sergey V. Gordeychik (Feb 17)