I wrote:
>Jon Callas <j...@callas.org> writes:
>>As Andy Steingruebl pointed out, there are a lot of malware certs that are
>>stolen, so this data needs to be normalized against market share.
>
>Ah, good point.  There are some in there that were explicitly sold by CAs to
>malware authors, e.g. the "BUSTER ASSISTENCIA TECNICA ELETRONICA LTDA - ME"
>was sold by Digicert to a fake company, A/V vendors got it revoked and the
>malware authors went straight back and got another cert for "Buster Paper
>Comercial Ltda", the discussion is at
>http://blog.malwarebytes.org/intelligence/2013/02/digital-certificates-and-malware-a-dangerous-mix,
>and there have been cases of others being sold as well, but for this
>particular list we don't know which were sold and which were stolen.

Here's another one from the list where the CA, in this case DigiCert, was
happy to sell a code-signing certificate to a defunct French car sales company
at the request of someone located in northwest Africa (none of this apparently
raised any suspicions with them):

http://www.welivesecurity.com/2013/02/21/code-certificate-laissez-faire-banking-trojans.

(Thanks to Jeffrey Walton for the heads-up).

So the stolen vs. fraudulently-issued balance may not be as far in the 
"stolen" direction after all.  If it's that easy to buy a cert straight from 
the vending machi^H^H^HCA, why bother stealing?

Peter.

_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography