It is time to break Authenticode

jim bell jimbell at pacifier.com
Sun Feb 23 18:23:12 PST 1997


At 08:09 PM 2/23/97 -0500, lucifer Anonymous Remailer wrote:
>Microsoft's recent arrogant and irresponsible reply to the Chaos
>Computer Club hack on ActiveX requires response. An effective response
>would be to steal the key of a major code signer and produce a signed,
>malicious ActiveX control. Such an attack would demonstrate the
>serious problems of Microsoft's security philosophy.
>
[trim]
>
>The best avenue of attack is stealing the secret key of a respected
>code signer. The target should be one of the major players, if not
>Microsoft itself. Someone is sloppy to store their secret key on a
>machine hooked to the Internet. Stealing it would be a very nice
>challenge. It should be doable.

I can think of an easier way. If the goal is simply to demonstrate that the
system can be broken, how about offering a not-insignificant amount of money
to an anonymous person who manages to successfully get code signed? No
exposure is necessary, just the signature done once.



Jim Bell
jimbell at pacifier.com





