IWETHEY v. 0.3.0 | TODO
1,095 registered users | 1 active user | 0 LpH | Statistics
Login | Create New User
IWETHEY Banner

Welcome to IWETHEY!

IWETHEY Home / IWETHEY Board / General Q&A Forum / Windows security, take 2718704
Post #358,462
by scoenye
6/5/12 8:14:34 PM
6/5/12 8:15:03 PM
Reply
New Windows security, take 2718704
I suppose by now everyone knows about the Flame trojan given is even reached the MSM. It turns out it got a little help... This rather quietly snuck out a couple of days ago:

http://www.theregist...oft_douses_flame/
some components of the malware have been signed by certificates that allow software to appear as if it was produced by Microsoft. We identified that an older cryptography algorithm could be exploited and then be used to sign code as if it originated from Microsoft. Specifically, our Terminal Server Licensing Service, which allowed customers to authorize Remote Desktop services in their enterprise, used that older algorithm and provided certificates with the ability to sign code

:-/

I guess they also leave loaded guns by the kiddie pool...
Expand Edited by scoenye June 5, 2012, 08:15:03 PM EDT
Expand All History
Post #358,466
by Another Scott
6/5/12 8:54:31 PM
Reply
New :-)
Post #358,467
by static
Picture of static
6/5/12 9:00:14 PM
Reply
New All it takes is one hole...
Just Add Story http://justaddstory.wordpress.com/
Post #358,473
by folkert
Picture of folkert
6/5/12 10:32:27 PM
Reply
New What was it I said once...
If want to tinker, use Linux. If you want to be scared use Windows!
Post #358,480
by scoenye
6/5/12 11:32:50 PM
Reply
New This is more like a shovel...
Post #358,482
by folkert
Picture of folkert
6/6/12 12:32:23 AM
Reply
New Re: This is more like a Krupp V CAT D8R
http://www.youtube.c...tch?v=jn1DhPjnCGM

Yeah... its that big.
Post #358,613
by crazy
6/7/12 4:42:42 PM
Reply
New So what is the downside?
Does anyone use those certs legitimately?
What happens when they stop working?
Post #358,630
by folkert
Picture of folkert
6/7/12 10:30:21 PM
Reply
New Re: So what is the downside?
The thing about this...

if you look hard enough, you will find Malware already signed by some these signing capable certificates. And the software installs just like it is from Microsoft. Sort of like the "code" the rebels stole to get onto the Moon of Endor to destroy the shield generator. "Its an old code, but it checks out"

Which means, until it expires, and yes they have a short window of usage... but think about how quickly these things spread.

A few days or a week is all it would take to get a good foothold and then, continue with a new cert and on and on and on.
     Windows security, take 2718704 - (scoenye) - (7) - June 5, 2012, 08:15:03 PM EDT
         :-) -NT - (Another Scott) - June 5, 2012, 08:54:31 PM EDT
         All it takes is one hole... -NT - (static) - (3) - June 5, 2012, 09:00:14 PM EDT
             What was it I said once... - (folkert) - June 5, 2012, 10:32:27 PM EDT
             This is more like a shovel... -NT - (scoenye) - (1) - June 5, 2012, 11:32:50 PM EDT
                 Re: This is more like a Krupp V CAT D8R - (folkert) - June 6, 2012, 12:32:23 AM EDT
         So what is the downside? - (crazy) - (1) - June 7, 2012, 04:42:42 PM EDT
             Re: So what is the downside? - (folkert) - June 7, 2012, 10:30:21 PM EDT

We still think digital watches are a pretty neat idea.
176 ms