Microsoft just released more info:
http://blogs.technet.com/b/srd/archive/2012/06/06/more-information-about-the-digital-certificates-used-to-sign-the-flame-malware.aspx
It turns out that this:

echo '30 1a 06 08 2b 06 01 04 01 82 37 12 01 01 ff 04 0b 16 09 54 4c 53 7e 42 41 53 49 43'|xxd -r -p|openssl asn1parse -dump -inform der
    0:d=0 hl=2 l= 26 cons: SEQUENCE
    2:d=1 hl=2 l= 8 prim: OBJECT :1.3.6.1.4.1.311.18 <-- a MS Terminal Services licensing specific OID
   12:d=1 hl=2 l= 1 prim: BOOLEAN :255 <-- "critical" attribute
   15:d=1 hl=2 l= 11 prim: OCTET STRING
      0000 - 16 09 54 4c 53 7e 42 41-53 49 43 ..TLS~BASIC

The fact that this custom OID was marked critical was in fact the sole reason that the attackers needed to do an MD5 collision at all.
- Marsh
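
The same 28 bytes decoded without openssl, as an added example that is not part of the original post: a minimal DER reader for one X.509 Extension, plus the RFC 5280 rule that a verifier must reject a certificate carrying a critical extension it does not recognize. The function names and the KNOWN set are assumptions made for illustration.

```python
# Added example. Bytes are the extension quoted in the post above.
EXT = bytes.fromhex("30 1a 06 08 2b 06 01 04 01 82 37 12 01 01 ff"
                    " 04 0b 16 09 54 4c 53 7e 42 41 53 49 43")
KNOWN = {"2.5.29.15", "2.5.29.19"}  # assumed verifier: keyUsage, basicConstraints only

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER TLV starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low bits count length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    """Turn OID content octets (base-128 arcs) into dotted notation."""
    arcs, val = [], 0
    for b in body:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:                    # high bit clear ends the arc
            arcs.append(val)
            val = 0
    if not arcs or body[-1] & 0x80:
        raise ValueError("bad OID")
    first = min(arcs[0] // 40, 2)           # first octet packs the top two arcs
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def parse_extension(der):
    """Parse Extension ::= SEQUENCE { extnID, critical DEFAULT FALSE, extnValue }."""
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one SEQUENCE")
    tag, oid, pos = read_tlv(body, 0)
    if tag != 0x06:
        raise ValueError("expected OBJECT IDENTIFIER")
    tag, value, pos = read_tlv(body, pos)
    critical = False
    if tag == 0x01:                         # optional BOOLEAN; absent means FALSE
        critical = value != b"\x00"
        tag, value, pos = read_tlv(body, pos)
    if tag != 0x04 or pos != len(body):
        raise ValueError("expected OCTET STRING as last element")
    return decode_oid(oid), critical, value

def must_reject(der, known=KNOWN):
    """RFC 5280 4.2: reject when an extension is critical and not recognized."""
    oid, critical, _ = parse_extension(der)
    return critical and oid not in known
```

Calling read_tlv on the returned extnValue gives tag 0x16 (IA5String) with the content TLS~BASIC, matching the dump in the post.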