A mighty fortress is our PKI, Part II
David-Sarah Hopwood
david-sarah at jacaranda.org
Wed Aug 4 21:30:18 EDT 2010
Anne & Lynn Wheeler wrote:
> Kaspersky: Sham Certificates Pose Big Problem for Windows Security
> http://www.ecommercetimes.com/story/70553.html
>
> from above ..
>
> Windows fails to clearly indicate when digital security certificates
> have been tampered with, according to Kaspersky Lab's Roel Schouwenberg,
> and that opens a door for malware makers.
Huh? I don't understand the argument being made here.
Obviously Windows can't distinguish an unsigned executable from one where
the was a signature that has been stripped. How could it possibly do that?
Signatures are largely a distraction from the real problem: that software
is (unnecessarily) run with the full privileges of the invoking user.
By all means authenticate software, but that's not going to prevent malware.
--
David-Sarah Hopwood ⚥ http://davidsarah.livejournal.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 292 bytes
Desc: OpenPGP digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20100805/a3bb54c2/attachment.pgp>
More information about the cryptography
mailing list