David-Sarah Hopwood <david-sa...@jacaranda.org> writes: >Huh? I don't understand the argument being made here.
It's a bogus argument, the text says: He took a legitimate software package and removed the signature of the digital certificate it contained, then installed the package on his computer. The Installer application didn't indicate that the certificate had been modified. The certificate wasn't modified, they just stripped the signature from the executable. "Only an expert will be able to detect a problem," Schouwenberg said. "And all Microsoft will tell you is that the file is not signed." And what else should Windows say? "We put this through our time machine and noticed that at some time in the past it was signed and now it isn't"? The rest of the story isn't much better: The Stuxnet worm, which surfaced last month, used fake Verisign digital certificates No, they were genuine certs, just in the wrong hands. Peter. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
