funsec mailing list archives

RE: Sunbelt: Gromozon Malware Digitally Signed by Thawte


From: "Alex Eckelberry" <AlexE () sunbelt-software com>
Date: Wed, 12 Sep 2007 20:01:22 -0400

Fyi, Verisign just notified me that the cert has been revoked.   

-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org]
On Behalf Of Alex Eckelberry
Sent: Wednesday, September 12, 2007 5:39 PM
To: Valdis.Kletnieks () vt edu; Paul Ferguson
Cc: funsec () linuxbox org
Subject: RE: [funsec] Sunbelt: Gromozon Malware Digitally Signed by
Thawte

Ok, true, but it's not marketed as that, and it's not positioned as
that, and people believe this thing means that it's somehow safe. 

From Thawte's website: 

http://www.thawte.com/ssl-digital-certificates/code-signing/index.html?click=main-nav-products-codesigning

# Gives your users recourse to the person who published it
# Promotes the Internet as a secure and viable platform for content distribution
# Inspires user confidence

And for chrissakes, this thing has been around for MONTHS.  We're only
breaking it now.  

Alex


 

-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org]
On Behalf Of Valdis.Kletnieks () vt edu
Sent: Wednesday, September 12, 2007 3:42 PM
To: Paul Ferguson
Cc: funsec () linuxbox org
Subject: Re: [funsec] Sunbelt: Gromozon Malware Digitally Signed by
Thawte

On Wed, 12 Sep 2007 19:00:45 -0000, Paul Ferguson said:

It's stuff like this that sometimes makes you just throw your hands in the air.

http://sunbeltblog.blogspot.com/2007/09/for-shame-thawte-trusts-gromozon.html

Unfortunately, that's Working As Designed.  Authentication vs
Authorization.

Thawte has certified that malware really *is* from Gromozon, and not
from some even sleazier entity pretending to be Gromozon.  That's all
they *claim* to do with their certificates.

Whether you should trust the signed contents, knowing they *are* from
Gromozon, is way out of scope for a certificate.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
