On 12-6-2012 10:45, Ben Laurie wrote:
On Tue, Jun 12, 2012 at 8:24 AM, Marc Stevens m...@marc-stevens.nl wrote:
On 12-6-2012 0:59, Ralf-Philipp Weinmann wrote:
On 6/11/12 6:38 PM, Ondrej Mikle wrote:
On 06/11/2012 11:06 AM, Ben Laurie wrote:
On Mon, Jun 11, 2012 at 1:56 AM, Nico
On 06/12/2012 04:09 AM, Marc Stevens wrote:
They were limited to a millisecond time-window to request the original
cert for their attack to succeed.
That means they probably needed a lot more attempts than the 9 attempts
(over 4 weekends) we needed.
From Sotirov's
On Tue, Jun 12, 2012 at 10:51:59AM -0500, Marsh Ray wrote:
What is unclear is if there are any effective costs or rate
limitations on how often one can 'activate' an MSTS license server.
A compute cluster faster than 200 PS3s could cut down on the number
of license certs that were burned to
Hi Florian,
* Marsh Ray:
Marc Stevens and B.M.M. de Weger (of
http://www.win.tue.nl/hashclash/rogue-ca/) have been looking at the
collision in the evil CN=MS cert. I'm sure they'll have a full report
at some point. Until then, they have said this:
[We] have confirmed that flame
On 06/10/2012 03:03 PM, Florian Weimer wrote:
Does this mean they've seen the original certificate in addition to
the evil twin?
Until then, there is another explanation besides an advance in
cryptanalysis. Just saying. 8-)
I guess I look at it like this:
Start with the simplest
On 06/05/2012 07:21 AM, Douglas Pichardo wrote:
The last link below [http://rmhrisk.wpengine.com/?p=52] points out that
the sub-CAs were issued with constraints granting them:
- License Server Verification (1.3.6.1.4.1.311.10.6.2)
- Key Pack Licenses (1.3.6.1.4.1.311.10.6.1)
- Code Signing
These researchers have detailed the cert chain here:
http://blog.crysys.hu/2012/06/the-flame-malware-wusetupv-exe-certificate-chain/
If you like X509, you'll find this interesting.
I've attached copies for reference.
Microsoft is saying some strange things like:
2012/6/5 Marsh Ray ma...@extendedsubset.com
[...]
An excerpt:
That’s right, every single enterprise user of Microsoft Terminal Services
on the planet had a CA key that could issue as many code signing
certificates as they wanted and for any name they wanted.
It sounds as if Windows users
I'm sure many readers of the list will have heard by now, some Microsoft
sub-CAs were used for signing malware.
For the record here's an excerpt from the MS release and to save
interested people time I've attached the revoked sub-CAs and their roots.
There is some tantalizing bits about
On 06/04/2012 02:41 AM, Marsh Ray wrote:
I've attached the revoked sub-CAs and their roots.
In case it's not clear from the filenames (e.g. the email system drops
them) there were three certs revoked. These are the ones with
Licensing in the CN.
For convenience I also included the two root
It's also not clear about what could have been done with TS certificates.
Is it only codesigning, or TLS server as well?
--
Erwann.
On 4 June 2012 at 09:57, Marsh Ray ma...@extendedsubset.com wrote:
In case it's not clear from the filenames (e.g. the email system drops
them) there were three
On Mon, Jun 04, 2012 at 10:20:33AM +0200, Erwann Abalea wrote:
It's also not clear about what could have been done with TS certificates.
Is it only codesigning, or TLS server as well?
I'm surprised they can be used for code signing at all. TS (in its modern
incarnation) is a TLS-encapsulated