Kama Sutra Spoofs Digital Certificates
Lance James
lancej at securescience.net
Wed Jan 25 14:18:19 EST 2006
Peter Gutmann wrote:
>Anne & Lynn Wheeler <lynn at garlic.com> writes:
>
>
>
>>The Kama Sutra worm can fool WIndows into accepting a malicious ActiveX control
>>by spoofing a digital signature, a security company said Tuesday.
>>
>>
>
>If you track down the original Fortinet advisory you'll see that the Information-
>Week text is slightly misleading, all it does is set the "this control is all
>right" flags in the registry to make Windows think it's passed a signature check
>at some point in the past.
>
>
Sounds like a "pseudo-Cache" attack then - is that not valid as a
"spoof" though?
There was an embedded SSL Cache attack a few years back, and that was
considered a man-in-the-middle spoof attack.
Is there a specific definition to that?
>Peter.
>
>
>---------------------------------------------------------------------
>The Cryptography Mailing List
>Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
>
>
>
>
--
Best Regards,
Lance James
Secure Science Corporation
www.securescience.net
Author of 'Phishing Exposed'
http://www.securescience.net/amazon/
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list