On Sep 1, 2013, at 10:35 PM, James A. Donald wrote:
>> Meanwhile, on the authentication side, Stuxnet provided evidence that the
>> secret community *does* have capabilities (to conduct a collision attacks)
>> beyond those known to the public - capabilities sufficient to produce fake
>> Windows updates.
>
> Do we know they produced fake windows updates without assistance from
> Microsoft?
For some version of "know". From
http://arstechnica.com/security/2012/06/flame-malware-was-signed-by-rogue-microsoft-certificate/:
"Microsoft released an emergency Windows update on Sunday after revealing that
one of its trusted digital signatures was being abused to certify the validity
of the Flame malware that has infected computers in Iran and other Middle
Eastern Countries.
The compromise exploited weaknesses in Terminal Server, a service many
enterprises use to provide remote access to end-user computers. By targeting an
undisclosed encryption algorithm Microsoft used to issue licenses for the
service, attackers were able to create rogue intermediate certificate
authorities that contained the imprimatur of Microsoft's own root authority
certificate—an extremely sensitive cryptographic seal. Rogue intermediate
certificate authorities that contained the stamp were then able to trick
administrators and end users into trusting various Flame components by falsely
certifying they were produced by Microsoft....
Based on the language in Microsoft's blog posts, it's impossible to rule out
the possibility that at least one of the certificates revoked in the update was
... created using [previously reported] MD5 weaknesses [which allowed collision
attacks]. Indeed, two of the underlying credentials used MD5, while the third
used the more advanced SHA-1 algorithm. In a Frequently Asked Questions section
of Microsoft Security Advisory (2718704), Microsoft's security team also said:
"During our investigation, a third Certificate Authority has been found to have
issued certificates with weak ciphers." The advisory didn't elaborate."
-- Jerry
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
