These researchers have detailed the cert chain here:
http://blog.crysys.hu/2012/06/the-flame-malware-wusetupv-exe-certificate-chain/
If you like X509, you'll find this interesting.
I've attached copies for reference.
Microsoft is saying some strange things like:
2012/6/5 Marsh Ray ma...@extendedsubset.com
[...]
An excerpt:
That’s right, every single enterprise user of Microsoft Terminal Services
on the planet had a CA key that could issue as many code signing
certificates they wanted and for any name they wanted.
It sounds as if Windows users
Thierry Moreau thierry.mor...@connotech.com writes:
Unless automated SSH sessions are needed (which is a different problem
space), the SSH session is directly controlled by a user. Then, the private
key is stored encrypted on long term storage (swap space vulnerability
remaining, admittedly) and
passwords are insecure, PKCs are secure, therefore anything
that uses PKCs is magically made secure
Well as you said, you have to look at what happens in the real world. I would
argue PKCs make things obscure, which buys you a fair amount of security until
some undetermined point in time
Hi Peter,
Replying on the thinking process, not on the fundamentals at this time
(we seem to agree on the characteristics of PKC vs else).
Peter Gutmann wrote:
Thierry Moreau thierry.mor...@connotech.com writes:
Unless automated SSH sessions are needed (which is a different problem
space),
Thanks for that, that is all that is needed to get the idea. (I was
hoping for some objective standard rather than a current-technology
taxonomy.)
iang
On 2/06/12 23:15 PM, Joe St Sauver wrote:
ianG asked:
#Would it be possible to describe in general words what LOA-1 thru 4 entails?
I