> What happens if the bad guy just strips the signature? What are the > circumstances under which an OS or user+OS will refuse to run code that just > isn't signed at all?
In the case of Microsoft Clickonce, the Install Dialog is changed from "Publisher: Discount Bob's Software & Hanggliding" to "Publisher: Unknown Publisher" and the icon from a yellow shield to a red shield. I took a look at Man-in-the-Middling Clickonce deployments last summer. Stripped the signature, decompiled to IL, injected code, and recompiled all as part of a transparent proxy. http://seclists.org/bugtraq/2010/Jul/164 A similar project is Evilgrade: http://blog.infobytesec.com/2010/10/evilgrade-20-update-explotation.html although that's a framework for targeting different applications, each one possibly behaving differently. -tom _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
