Peter Gutmann wrote:
>Anne & Lynn Wheeler <[EMAIL PROTECTED]> writes:
>
>
>
>>The Kama Sutra worm can fool WIndows into accepting a malicious ActiveX
>>control
>>by spoofing a digital signature, a security company said Tuesday.
>>
>>
>
>If you track down the original Fortinet advisory you'll see that the
>Information-
>Week text is slightly misleading, all it does is set the "this control is all
>right" flags in the registry to make Windows think it's passed a signature
>check
>at some point in the past.
>
>
Sounds like a "pseudo-Cache" attack then - is that not valid as a
"spoof" though?
There was an embedded SSL Cache attack a few years back, and that was
considered a man-in-the-middle spoof attack.
Is there a specific definition to that?
>Peter.
>
>
>-
>The Cryptography Mailing List
>Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
>
>
>
>
--
Best Regards,
Lance James
Secure Science Corporation
www.securescience.net
Author of 'Phishing Exposed'
http://www.securescience.net/amazon/
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]