Re: It is time to break Authenticode

At 08:09 PM 2/23/97 -0500, lucifer Anonymous Remailer wrote:
> Microsoft's recent arrogant and irresponsible reply to the Chaos Computer Club hack on ActiveX requires response. An effective response would be to steal the key of a major code signer and produce a signed, malicious ActiveX control. Such an attack would demonstrate the serious problems of Microsoft's security philosophy.

[trim]

> The best avenue of attack is stealing the secret key of a respected code signer. The target should be one of the major players, if not Microsoft itself. Someone is sloppy to store their secret key on a machine hooked to the Internet. Stealing it would be a very nice challenge. It should be doable.

I can think of an easier way. If the goal is simply to demonstrate that the system can be broken, how about offering a not-insignificant amount of money to an anonymous person who manages to successfully get code signed? No exposure is necessary, just the signature done once.

Jim Bell
jimbell@pacifier.com