funsec mailing list archives
RE: Sunbelt: Gromozon Malware Digitally Signed by Thawte
From: "Alex Eckelberry" <AlexE () sunbelt-software com>
Date: Wed, 12 Sep 2007 20:01:22 -0400
Fyi, Verisign just notified me that the cert has been revoked. -----Original Message----- From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of Alex Eckelberry Sent: Wednesday, September 12, 2007 5:39 PM To: Valdis.Kletnieks () vt edu; Paul Ferguson Cc: funsec () linuxbox org Subject: RE: [funsec] Sunbelt: Gromozon Malware Digitally Signed by Thawte Ok, true, but it's not marketed as that, and it's not positioned as that, and people believe this thing means that it's somehow safe.
From Thawte's website:
http://www.thawte.com/ssl-digital-certificates/code-signing/index.html?c lick=main-nav-products-codesigning # Gives your users recourse to the person who published it # Promotes the Internet as a secure and viable platform for content distribution # Inspires user confidence And for chrissakes, this thing has been around for MONTHS. We're only breaking it now. Alex -----Original Message----- From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of Valdis.Kletnieks () vt edu Sent: Wednesday, September 12, 2007 3:42 PM To: Paul Ferguson Cc: funsec () linuxbox org Subject: Re: [funsec] Sunbelt: Gromozon Malware Digitally Signed by Thawte On Wed, 12 Sep 2007 19:00:45 -0000, Paul Ferguson said:
It's stuff like this that sometimes makes you just throw your hands in
the air. http://sunbeltblog.blogspot.com/2007/09/for-shame-thawte-trusts-gromoz on.html
Unfortunately, that's Working As Designed. Authentication vs Authorization. Thawte has certified that malware really *is* from Gromozon, and not from some even sleazier entity pretending to be Gromozon. That's all they *claim* to do with their certificates. Whether you should trust the signed contents, knowing they *are* from Gromozon, is way out of scope for a certificate. _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Sunbelt: Gromozon Malware Digitally Signed by Thawte Paul Ferguson (Sep 12)
- RE: Sunbelt: Gromozon Malware Digitally Signed by Thawte Larry Seltzer (Sep 12)
- RE: Sunbelt: Gromozon Malware Digitally Signed by Thawte Alex Eckelberry (Sep 12)
- Re: Sunbelt: Gromozon Malware Digitally Signed by Thawte Valdis . Kletnieks (Sep 12)
- RE: Sunbelt: Gromozon Malware Digitally Signed by Thawte Alex Eckelberry (Sep 12)
- RE: Sunbelt: Gromozon Malware Digitally Signed by Thawte Alex Eckelberry (Sep 12)
- Re: Sunbelt: Gromozon Malware Digitally Signed by Thawte Valdis . Kletnieks (Sep 14)
- RE: Sunbelt: Gromozon Malware Digitally Signed by Thawte Larry Seltzer (Sep 14)
- RE: Sunbelt: Gromozon Malware Digitally Signed by Thawte Alex Eckelberry (Sep 12)
- RE: Sunbelt: Gromozon Malware Digitally Signed by Thawte Larry Seltzer (Sep 12)