In any case though the whole thing is really a moot point given the sucking void that is revocation-handling, the Realtek certificate was revoked on the 16th but one of my spies has informed me that as of yesterday it was still regarded as valid by Windows.

I can confirm that, at least for XP SP3: revocation just doesn't
matter. What's even more worrying is the fact that one of the
stuxnet/tmphider variants used the lnk exploit to install a dll signed
w/ the (expired) Realtek key but w/ a *broken* signature in the first
place. Still, it doesn't matter altough, as wireshark tells me, the
host connects to in order to fetch certificates.
When looking at the file properties, though, Windows tells you
that "this digital signature is not valid" ...  :-(



Stefan Kelm                   <>
BFK edv-consulting GmbH
Kriegsstrasse 100             Tel: +49-721-96201-1
D-76133 Karlsruhe             Fax: +49-721-96201-99

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to

Reply via email to