A mighty fortress is our PKI, Part II

Stefan Kelm skelm at bfk.de
Wed Jul 28 09:19:29 EDT 2010


Peter,

> In any case though the whole thing is really a moot point given the sucking 
> void that is revocation-handling, the Realtek certificate was revoked on the 
> 16th but one of my spies has informed me that as of yesterday it was still 
> regarded as valid by Windows.  

I can confirm that, at least for XP SP3: revocation just doesn't
matter. What's even more worrying is the fact that one of the
stuxnet/tmphider variants used the lnk exploit to install a dll signed
w/ the (expired) Realtek key but w/ a *broken* signature in the first
place. Still, it doesn't matter, although, as Wireshark tells me, the
host connects to microsoft.com in order to fetch certificates.
When looking at the file properties, though, Windows tells you
that "this digital signature is not valid" ...  :-(

Cheers,

	Stefan.

-- 
Stefan Kelm                   <skelm at bfk.de>
BFK edv-consulting GmbH       http://www.bfk.de/
Kriegsstrasse 100             Tel: +49-721-96201-1
D-76133 Karlsruhe             Fax: +49-721-96201-99

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com


