On Fri, Sep 28, 2012 at 8:13 AM, ianG <i...@iang.org> wrote:
> Thanks for that - for a security risk analysis I did last year, I've added
> it to a small history of attacks and similar events against PKI:
> http://wiki.cacert.org/Risk/History

You also have
http://www.mozilla.org/security/announce/2006/mfsa2006-60.html:

"... Because the set of root Certificate Authorities that ship with
Mozilla clients contain some with an exponent of 3 it was possible to
make up certificates, such as SSL/TLS and email certificates, that were
not detected as invalid."

Jeff

> On 28/09/12 07:49 AM, Jeffrey Walton wrote:
>>
>> http://blogs.adobe.com/asset/2012/09/inappropriate-use-of-adobe-code-signing-certificate.html
>>
>> We recently received two malicious utilities that appeared to be
>> digitally signed using a valid Adobe code signing certificate. The
>> discovery of these utilities was isolated to a single source. As soon
>> as we verified the signatures, we immediately decommissioned the
>> existing Adobe code signing infrastructure and initiated a forensics
>> investigation to determine how these signatures were created. We have
>> identified a compromised build server with access to the Adobe code
>> signing infrastructure. We are proceeding with plans to revoke the
>> certificate and publish updates for existing Adobe software signed
>> using the impacted certificate. This only affects the Adobe software
>> signed with the impacted certificate that runs on the Windows platform
>> and three Adobe AIR applications* that run on both Windows and
>> Macintosh. The revocation does not impact any other Adobe software for
>> Macintosh or other platforms.
>>
>> Sophisticated threat actors use malicious utilities like the signed
>> samples during highly targeted attacks for privilege escalation and
>> lateral movement within an environment following an initial machine
>> compromise. As a result, we believe the vast majority of users are not
>> at risk. We have shared the samples via the Microsoft Active
>> Protection Program (MAPP) so that security vendors can detect and
>> block the malicious utilities.
>>
>> Customers should not notice anything out of the ordinary during the
>> certificate revocation process. Details about what to expect and a
>> utility to help determine what steps, if any, a user can take are
>> available on the support page on Adobe.com.
>> ...
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography