>> My question is: how easy is it for someone who can gain access to the
>> users computer (either physically or through a trojan) to COPY a
>> security certificate and install it on another browser? Does anyone
>> know?
>
Therefore, the likelyhood of a trojan being
>able to steal the cert from the browser is very remote, if even possible
>at all.
>
Here's the thing. I use to work for a company about two years ago where I was asked
to move a certificate from one computer to another. The certificates are password
protected and the person owning the certificate had logged in not to long ago. Once
they enter the password to use the certificate, they are capable of using it
continiously until they logout.
So I went ahead and exported the certificate from Netscape, saved it on disk, and
imported it into MSIE on another computer. Now this may be just an IE thing, but the
certificate never asked for a password again. Which allowed anybody to use it.
The Moral of the story is, if you suspect somebody is going to rob you, don't let then
use your computer first. As far as viruses are concerned, I'm not sure if there are
command line arguments for browsers to export certificates. Remember, certificates
still need a password to work. So just make sure its a good one.
Khurram Khan
==
2 cents worth?
http://two-cents-worth.com/?135153
_____________________________________________________________
Get email for your site ---> http://www.everyone.net
---
You are currently subscribed to e-gold-list as: archive@jab.org
To unsubscribe send a blank email to [EMAIL PROTECTED]
