Full Disclosure mailing list archives
RE: trust? - win2k source code tools
From: "Mike Fratto" <mfratto () nwc com>
Date: Tue, 17 Feb 2004 13:46:35 -0500
NOW EVERY EXECUTABLE IS TRUSTED AND DIGITALY SIGNED found this interesting... \win2k\private\inet\mshtml\build\scripts\tools\x86 iexpress.exe signcode.exe makecert.exe ( DigSig.dll ) ( in fast food voice ) and who would you like your package to be certified from today sir? \win2k\private\ispu\pkitrust\initpki\certs\
Nah, unless the private keys were in the directory, all you have are tools to sign a binary. Big deal. The signatures aren't "trusted" until the target has the certificate with the corresponding public key in the localkey store. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- trust? - win2k source code tools morning_wood (Feb 16)
- Re: trust? - win2k source code tools Sander (Feb 16)
- Re: trust? - win2k source code tools Valdis . Kletnieks (Feb 16)
- Re: trust? - win2k source code tools Cael Abal (Feb 16)
- RE: trust? - win2k source code tools Alan.l1 (Feb 17)
- RE: trust? - win2k source code tools Mike Fratto (Feb 17)
- <Possible follow-ups>
- RE: trust? - win2k source code tools Sergey V. Gordeychik (Feb 17)
- Re: trust? - win2k source code tools Sander (Feb 16)