From noloader@gmail.com Fri Jul 6 02:36:06 2018
From: Jeffrey Walton
To: cypherpunks-legacy@lists.cpunks.org
Subject: [cryptography] [OT] Reworked Version of Stuxnet Relative Duqu Found in Iran
Date: Fri, 06 Jul 2018 02:36:06 +0000
Message-ID: <172289272092.3881296.3587581710828813901.generated@mail.pglaf.org>

Hi Guys,

From "Reworked Version of Stuxnet Relative Duqu Found in Iran,"
http://www.securitynewsdaily.com/1642-stuxnet-duqu-iran.html:

  Duqu's builders also changed its encryption algorithm and rigged the
  malware loader to pose as a Microsoft driver. (The old driver was
  signed with a stolen Microsoft certificate.)

Is the stolen certificate related to Diginotar or some other incident?
Microsoft claims Diginotar issued certificates are inert
(http://www.computerworld.com/s/article/9219729/Microsoft_Stolen_SSL_certs_can_t_be_used_to_install_malware_via_Windows_Update).

Perhaps "Stolen encryption key the source of compromised certificate
problem, Symantec says,"
http://computerworld.co.nz/news.nsf/security/stolen-encryption-key-the-source-of-compromised-certificate-problem-symantec-says?

Jeff
_______________________________________________
cryptography mailing list
cryptography(a)randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography

----- End forwarded message -----
-- 
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE