Full Disclosure mailing list archives
Re: [Full Disclosure] Unauthorized Digital Certificates Could Allow Spoofing
From: Georgi Guninski <guninski () guninski com>
Date: Mon, 4 Jun 2012 20:33:16 +0300
Thank you all for the information :) On Mon, Jun 04, 2012 at 03:06:41PM +0100, imipak wrote:
what does this mean? m$ inadvertently gave signing rights to lusers, they got rooted orsomething else?http://blogs.technet.com/b/srd/archive/2012/06/03/microsoft-certification-authority-signing-certificates-added-to-the-untrusted-certificate-store.aspx says: "[..] certificates issued by our Terminal Services licensing certification authority, which are intended to only be used for license server verification, could also be used to sign code as Microsoft. Specifically, when an enterprise customer requests a Terminal Services activation license, the certificate issued by Microsoft in response to the request allows code signing without accessing Microsoft’s internal PKI infrastructure." -i -- wake up the past and tell it to stay away
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: [Full Disclosure] Unauthorized Digital Certificates Could Allow Spoofing imipak (Jun 04)
- Re: [Full Disclosure] Unauthorized Digital Certificates Could Allow Spoofing Georgi Guninski (Jun 04)