nanog mailing list archives

RE: M$ CD patches

From: "Michel Py" <michel () arneill-py sacramento ca us>
Date: Sat, 21 Feb 2004 15:30:47 -0800

Sean Donelan wrote:
Regardless of the distribution method, geniune Microsoft
patches are always cryptographically signed by Microsoft.
Whether consumers can figure out how to check the signature
is a different question.


Lots can't. I recently put a fake "identity seal" on my personal web
site (go to https://arneill-py.sacramento.ca.us and put the mouse cursor
over the padlock on the left).

It's completely bogus: not only the artwork has been greatly inspired by
Comodo's thing (view the real thing here:
http://www.instantssl.com/ssl-certificate-products/ssl-certificate-trust
logo.html) when the actual SSL certificate comes from freessl.com, but
it also works even if you view the insecure page
http://arneill-py.sacramento.ca.us/.

Besides, I do not have a credit card processing system, although I do
accept donations in cash and gold bullions.

So, what you're looking at is nothing more than a little photoshop and
javascript.

Guess what: I have received many questions that say in substance "how
much does it cost to get the same seal as yours and can you come install
it on my web server?"

Michel.

Current thread:

M$ CD patches David Lesher (Feb 21)
- <Possible follow-ups>
- RE: M$ CD patches Michel Py (Feb 21)
  - RE: M$ CD patches Sean Donelan (Feb 21)
    - Re: M$ CD patches David Lesher (Feb 21)
    - Re: M$ CD patches Sean Donelan (Feb 21)
- RE: M$ CD patches Michel Py (Feb 21)