|
Full Disclosure
mailing list archives
Re: MSN Webcam / Chat Spoof
From: Valdis.Kletnieks () vt edu
Date: Mon, 12 May 2003 13:33:58 -0400
On Mon, 12 May 2003 10:09:32 EDT, "Richard M. Smith" <rms () computerbytesman com> said:
My question: Why can't an Authenticode certificate present the
following information to a user:
- Company name
- Street address
- Phone number
- Web site URL
- Contact Email address
- Company logo
- Link to a product description page
OK.. .So you get a cert - now other than "phone number", is there anything
there that *really* increases your confidence level (given that you have
2 http:// and a mailto: URL, and they could all point at a hijacked server)?
Remember that there has already been one well-publicized case of Verisign
issuing a bogus Microsoft cert - there's no proof they haven't made the
same social-engineering whoops on possibly *dozens* of lesser-known software
houses.
And after the dot-bombed era, there's probably a *lot* of places that had
certs and went belly up - and said certs went out the door when the servers
they were on got surplused. I'm sure snooping around the right hacker
IRC channels will find you a pointer to a black-market cert that you can have
a copy of....
Attachment:
_bin
Description:
 By Date 
By Thread
Current thread:
- RE: MSN Webcam / Chat Spoof, (continued)
RE: MSN Webcam / Chat Spoof John . Airey (May 13)
RE: MSN Webcam / Chat Spoof Christopher Harrington (May 13)
| 
Intro
