Re: It is time to break Authenticode
At 08:09 PM 2/23/97 -0500, lucifer Anonymous Remailer wrote:
>Microsoft's recent arrogant and irresponsible reply to the Chaos
>Computer Club hack on ActiveX requires response. An effective response
>would be to steal the key of a major code signer and produce a signed,
>malicious ActiveX control. Such an attack would demonstrate the
>serious problems of Microsoft's security philosophy.
>
[trim]
>
>The best avenue of attack is stealing the secret key of a respected
>code signer. The target should be one of the major players, if not
>Microsoft itself. Someone is sloppy to store their secret key on a
>machine hooked to the Internet. Stealing it would be a very nice
>challenge. It should be doable.

I can think of an easier way. If the goal is simply to demonstrate that the
system can be broken, how about offering a not-insignificant amount of money
to an anonymous person who manages to successfully get code signed? No
exposure is necessary, just the signature done once.

Jim Bell
[email protected]