Peter,
In any case though the whole thing is really a moot point given the sucking
void that is revocation-handling, the Realtek certificate was revoked on the
16th but one of my spies has informed me that as of yesterday it was still
regarded as valid by Windows.
I can confirm that, at least for XP SP3: revocation just doesn't
matter. What's even more worrying is the fact that one of the
stuxnet/tmphider variants used the lnk exploit to install a dll signed
w/ the (expired) Realtek key but w/ a *broken* signature in the first
place. Still, it doesn't matter altough, as wireshark tells me, the
host connects to microsoft.com in order to fetch certificates.
When looking at the file properties, though, Windows tells you
that "this digital signature is not valid" ... :-(
Cheers,
Stefan.
--
Stefan Kelm <[email protected]>
BFK edv-consulting GmbH http://www.bfk.de/
Kriegsstrasse 100 Tel: +49-721-96201-1
D-76133 Karlsruhe Fax: +49-721-96201-99
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [email protected]
