[Cryptography] Sony-certified malware
leichter at lrw.com
Wed Dec 10 17:01:04 EST 2014
On Dec 10, 2014, at 1:17 PM, Henry Baker <hbaker1 at pipeline.com> wrote:
> FYI -- Some thoughts come to mind: "kicking them when they're down", "shooting the wounded", "what goes around, comes around" ...
> Of course, this certificate has been revoked, so there's no problem, right?
> Sony attackers also stole certificates to sign malware....
Apropos a thread about concern in the financial sector: Signing games containing malware *after the attack has been made public* is amateur stuff. Imagine getting access to a bank's signing authority and issuing some big money transfers. (Even if the bank has an HSM and you can't actually extract the private keys, a Sony-level attack could well give you a way to create the necessary orders and have the HSM sign them for you.)