Re: Flame: Massive cyber-attack discovered, researchers say
Excellent Article...not only about how it came down..but also who was at risk..and better yet who might be at risk in the future and why.
Flames and collisions
Posted on Jun 7, 2012 by Jeff
"Having a Microsoft code signing certificate is the Holy Grail of malware writers. This has now happened." (Mikko Hypponen)
Unless you are a system administrator for a government institution in or around the Middle East you do not need to worry about Flame infecting your computer. Flame (also known as Flamer and skywiper) itself is not a security concern except to a very narrow, targeted group. Quite simply you don't need to worry about being infected by Flame, and antivirus vendors who suggest otherwise may be engaging in fear mongering.
With so few people in danger of Flame, why am I writing about it? Good question. I'm writing about it because one of the methods used in Flame has the potential of undermining a crucial part of computer security. The authors of Flame have the ability to subvert the Windows Update process. Whatever Flame itself does or doesn't do, the fact that its authors acquired the capability to distribute fake updates to Microsoft Windows is cause for serious concern.
Software updates and chains of trust
I have previously written about how an important part of computer security is ensuring that your software updates come from the right place. You don't want someone who pretends to be AgileBits giving you malicious updates to 1Password. And you don't want someone who pretends to be Microsoft giving you malicious Windows Updates. The methods used for digitally signing downloads and updates involve some mathematical magic and a Chain of Trust. In the summer of 2011, we saw, in the example of DigiNotar, what can happen when someone finds a way to insert themselves into the chain of trust.
These two articles, "Who do you trust to tell you who to trust?" and "A peek over the Gatekeeper", explain the security infrastructure I'll be writing about here. You will see terms like Certificate Authority or Man in the Middle attack in this post, but they are more fully explained and illustrated in those other posts.
read more here
Gladiator Security Forum
StuartMW (Who Is John Galt?, Premium)
What I got out of the article.
What we do know is the bogus certificates for signing Windows Updates were created, and we know what Microsoft has said about it. We know that CAs using MD5 in their digital signatures are vulnerable in the way discussed, and we know that the bogus certificates were signed by those weak CAs.
Read "Nation State" but which one?
The cryptanalytic technique used to create the MD5 collision is new. It isn't radically different than previous known techniques, but this is using a technique that would have taken a great deal of expertise to develop.
Don't feed trolls--it only makes them grow!