Some time, like 2 or 3 years ago some group registered their Own Certs in the name of Microsoft Corporation. http://slashdot.org/articles/01/03/22/1947233.shtml LG
----- Original Message ----- From: "Nick FitzGerald" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, October 29, 2003 8:05 AM Subject: Re: [Full-Disclosure] [Bogus] Microsoft AuthenticodeT webcam viewer plugin > "morning_wood" <[EMAIL PROTECTED]> wrote: > > > funny, didnt know Micro$oft had a > > "Microsoft AuthenticodeT webcam viewer plugin " > > ... guess there trying to make up for lost revenue by > > going into the East European live teen webcam business > <<snip>> > > FWIW, I think the biggest "problem" here is that a CA (Thawte in this > case) allows code-signing certificates with such ambiguous "names" as > "Browser Plugin" -- they should, for example, require at least some > minimum indication that this is from "Browser Plugin Inc" or "Browser > Plugin Ltd" or whatever. Would they allow a cert in the company name > "IE Plugins" too? Think about the surrounding text and see how > creative can you can be in dreaming up a phrase you'd like to drop in > there to improve your SE chances... > > > Regards, > > Nick FitzGerald > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html