how-to block ads
|
|
Share Topic
 |
 |
|
|
|
 Name GamePremium
join:2002-07-07
North Myrtle Beach, SC
kudos:7 | reply to Brano
Re: Flame: Massive cyber-attack discovered, researchers say Excellent Article...not only about how it came down..but also who was at risk..and better yet who might be at risk in the future and why.
Flames and collisions
Posted on Jun 7, 2012 by Jeff
Having a Microsoft code signing certificate is the Holy Grail of malware writers. This has now happened.—Mikko Hypponen
Unless you are a system administrator for a government institution in or around the Middle East you do not need to worry about Flame infecting your computer. Flame (also known as “Flamer” and “skywiper”) itself is not a security concern except to a very narrow, targeted group. Quite simply you don’t need to worry about being infected by Flame, and antivirus vendors who suggest otherwise may be engaging in fear mongering.
With so few people in danger of Flame, why am I writing about it? Good question. I’m writing about it because one of the methods used in Flame has the potential of undermining a crucial part of computer security. The authors of Flame have the ability to subvert the Windows Update process. Whatever Flame itself does or doesn’t do, the fact that its authors acquired the capability to distribute fake updates to Microsoft Windows is cause for serious concern.
Software updates and chains of trust
I have previously written about how an important part of computer security is ensuring that your software updates come from the right place. You don’t want someone who pretends to be AgileBits giving you malicious updates to 1Password. And you don’t want someone who pretends to be Microsoft giving you malicious Windows Updates. The methods used for digitally signing downloads and updates involves some mathematical magic and a Chain of Trust. In the summer 2011, we saw, in the example of DigiNotar, what can happen when someone finds a way to insert themselves into the chain of trust.
These two articles, “Who do you trust to tell you who to trust?” and “A peek over the Gatekeeper” explain the security infrastructure I’ll be writing about here. You will see terms like Certificate Authority or Man in the Middle attack in this post, but they are more fully explained and illustrated in those other posts.
read more here
»blog.agilebits.com/2012/06/07/fl···lisions/
--
Gladiator Security Forum
»www.gladiator-antivirus.com/
| |
 StuartMWWho Is John Galt?Premium
join:2000-08-06
Galt's Gulch
kudos:2
 ·CenturyLink
| What I got out of the article.
quote:
What we do know is the bogus certificates for signing Windows Updates were created, and we know what Microsoft has said about it. We know that CAs using MD5 in their digital signatures are vulnerable in the way discussed, and we know that that the bogus certificates were signed by those weak CAs.
Also
quote:
The cryptanalytic technique used to create the MD5 collision is new. It isn’t radically different than previous known techniques, but this is using a technique that would have taken a great deal of expertise to develop.
Read "Nation State" but which one?
--
Don't feed trolls--it only makes them grow! | |
|
