Jon Callas <j...@callas.org> writes:

>As Andy Steingruebl pointed out, there are a lot of malware certs that are
>stolen, so this data needs to be normalized against market share.

Ah, good point. There are some in there that were explicitly sold by CAs to malware authors, e.g. the "BUSTER ASSISTENCIA TECNICA ELETRONICA LTDA - ME" one was sold by Digicert to a fake company; A/V vendors got it revoked, and the malware authors went straight back and got another cert for "Buster Paper Comercial Ltda". The discussion is at http://blog.malwarebytes.org/intelligence/2013/02/digital-certificates-and-malware-a-dangerous-mix. There have been cases of others being sold as well, but for this particular list we don't know which were sold and which were stolen.

>Why pick on the CAs at all?

It wasn't necessarily picking on them, I'd just been following the postings to the log and was wondering what the stats were.

>An alliance of the platforms and the anti-malware people would make it
>unnecessary to even have a CA-issued code signing cert.

Which is why it'll probably never happen, sigh.

Peter.

_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography