 StuartMWWho Is John Galt?Premium
join:2000-08-06
Galt's Gulch
kudos:2
 ·CenturyLink
| reply to Name Game
Re: Adobe's code signing certificate has been stolen FYI the Adobe Flash Player 11.4.402.278 installers I have are signed with a certificate with the serial number 7e 28 2b 07 49 66 9b 59 5f 79 49 ff 06 13 4e 92.
Shockwave Player 11.6.7.637 uses 60 8a ad 6f 0d ed 59 8a b9 8c bf 81 18 7c 91 bb.
Acrobat Reader 9.5.x/X 10.1.4 both use 02 90 96 5e 91 33 40 cd a6 63 4c ef 31 f7 fd 07.
It appears Adobe uses a different certificate for every product.
--
Don't feed trolls--it only makes them grow! |
|
 Name GamePremium
join:2002-07-07
North Myrtle Beach, SC
kudos:7 | reply to MagnusM
Magnus you will love this one..they seem to be on a roll. 
Are anti-virus companies companies regularly committing software piracy?
»security.stackexchange.com/quest···e-piracy
--
Gladiator Security Forum
»www.gladiator-antivirus.com/
|
|
 mazhurgPremium
join:2004-05-02
Portage La Prairie, MB | reply to Name Game
Certificate # | 
Version |
said by Name Game:Serial Number of the compromised Adobe certificate is 15 e5 ac 0a 48 70 63 71 8e 39 da 52 30 1a 04 88
That would be the code used to sign the flash player install V 11.4.400.252 (Windows 7 64 bits) |
|
StuartMWWho Is John Galt?Premium
join:2000-08-06
Galt's Gulch
kudos:2 Reviews:
·CenturyLink
| said by mazhurg:That would be the code used to sign the flash player install V 11.4.400.252 (Windows 7 64 bits)
Thanks for the info.
Adobe may have signed later versions of Flash with a newer certificate since the one you posted expires on 12/14/2012.
--
Don't feed trolls--it only makes them grow! |
|
 leiboldPremium,MVM
join:2002-07-09
Sunnyvale, CA
kudos:6
·SONIC.NET
| said by StuartMW:Adobe may have signed later versions of Flash with a newer certificate since the one you posted expires on 12/14/2012.
Wouldn't the serial number be different on a renewed certificate ? With the software I'm using every certificate (regardless whether new or renewal) gets a unique serial number from the CA but I don't know if that is universal for all certificate authorities.
--
Got some spare cpu cycles ? Join Team Helix or Team Starfire! |
|
StuartMWWho Is John Galt?Premium
join:2000-08-06
Galt's Gulch
kudos:2 Reviews:
·CenturyLink
3 edits | 
Flash Player 11.4.402.278 certificate |
said by leibold:Wouldn't the serial number be different on a renewed certificate ?
Um, it is.
»Re: Adobe's code signing certificate has been stolen
quote:
FYI the Adobe Flash Player 11.4.402.278 installers I have are signed with a certificate with the serial number 7e 28 2b 07 49 66 9b 59 5f 79 49 ff 06 13 4e 92.
And I said new (not renewed).
PS: Flash Player 11.4.402.278 was signed with a certificate that expires 10/1/2012. LOL. Clearly they aren't expecting that version to last long!
--
Don't feed trolls--it only makes them grow! |
|
Name GamePremium
join:2002-07-07
North Myrtle Beach, SC
kudos:7 | reply to leibold
Also... It is not public key stuff so the serial number would be the same for everyone who used the product in the time frame the cert was still valid and came with the download...just don't want people to start thinking every user would be getting a unique serial number for their own benefit. It is a Web Server SSL Certificate A Web Server SSL Certificate contains the following information: The certificate holder's name, The certificate's serial number and expiration date, Copy of the certificate holder's public key, The digital signature of the certificate-issuing authority. » products.secureserver.net/produc···urbo.htm--
Gladiator Security Forum
»www.gladiator-antivirus.com/
|
|
|
|
StuartMWWho Is John Galt?Premium
join:2000-08-06
Galt's Gulch
kudos:2 Reviews:
·CenturyLink
| said by Name Game:...just don't want people to start thinking every user would be getting a unique serial number for their own benefit.
Yup.
In short if you download something that is digitally-signed with this certificate consider it suspect.
And that goes for Flash too 
--
Don't feed trolls--it only makes them grow! |
|
StuartMWWho Is John Galt?Premium
join:2000-08-06
Galt's Gulch
kudos:2 Reviews:
·CenturyLink
| reply to MagnusM
Some more info.
quote:
This apparently only effects "the Windows platform" and "three Adobe AIR applications for both Windows and Macintosh".
»isc.sans.edu/diary/Adobe+certifi···th/14194
--
Don't feed trolls--it only makes them grow! |
|
| reply to mazhurg
said by mazhurg:said by Name Game:Serial Number of the compromised Adobe certificate is 15 e5 ac 0a 48 70 63 71 8e 39 da 52 30 1a 04 88
so this explains the recent "strange" release of "new" adobe "flash player" installers, where the builds supposedly were identical but, strangely, they were given new build numbers, and without any new releasenotes..
i use adobe flash player 10.x.. build 10.3.183.23 had the compromised digital signature.. build 10.3.183.25 has a new, different digital signature.. |
|
StuartMWWho Is John Galt?Premium
join:2000-08-06
Galt's Gulch
kudos:2 | Good point! I'd forgotten (or blocked) about that.
--
Don't feed trolls--it only makes them grow! |
|
Name GamePremium
join:2002-07-07
North Myrtle Beach, SC
kudos:7 | reply to MagnusM
Want to search your system for files signed by the bad Adobe cert? Use any hex search tool to search for "15e5ac0a487063718e39da52301a0488" |
|
Name GamePremium
join:2002-07-07
North Myrtle Beach, SC
kudos:7 | reply to MagnusM
Win 7 adobe certs...
»twitter.com/mikko/status/2527565···/1/large |
|
Mele20Premium
join:2001-06-05
Hilo, HI
kudos:4 | reply to MagnusM
So why hasn't Adobe done something about the expired cert? I downloaded the latest Flash Player from »www.adobe.com/products/flashplay···on3.html a few minutes ago. The cert was OUTDATED by 42 minutes when I downloaded the file. 
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson |
|
StuartMWWho Is John Galt?Premium
join:2000-08-06
Galt's Gulch
kudos:2 Reviews:
·CenturyLink
| Yep, it would be.
quote:
PS: Flash Player 11.4.402.278 was signed with a certificate that expires 10/1/2012. LOL. Clearly they aren't expecting that version to last long!
»Re: Adobe's code signing certificate has been stolen
--
Don't feed trolls--it only makes them grow! |
|
Mele20Premium
join:2001-06-05
Hilo, HI
kudos:4 | So, because Adobe's cert was stolen they are not going to extend the signature for the current version of Flash Player for which the cert ended at 1:59:59PM?
How come Properties box/digital signature/details says the cert is "ok" even though it is expired and I downloaded Flash Player installer AFTER the cert's validity ended? So, does this mean that nothing about certs can be trusted? 
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson |
|
Name GamePremium
join:2002-07-07
North Myrtle Beach, SC
kudos:7 | Does not work that way..
The company said the certificate will be re-issued on Oct. 4, but didn’t explain why it would take that long.
»mcaf.ee/vp0iy
--
Gladiator Security Forum
»www.gladiator-antivirus.com/
|
|
StuartMWWho Is John Galt?Premium
join:2000-08-06
Galt's Gulch
kudos:2 Reviews:
·CenturyLink
2 edits | said by Name Game:The company said the certificate will be re-issued on Oct. 4, but didn’t explain why it would take that long.
Well they said that about the compromised certificate. That is not the same certificate that was used for Flash Player 11.4.402.278.
I have no idea why Adobe chose to digital sign Flash Player 11.4.402.278 with a certificate that would expire a few weeks later.
BTW to answer Mele20  's question the message says This digital signature is ok. The fact the the certificate used to create the signature is now expired doesn't affect the signature. The signature would not be ok if the package was altered (and it wasn't).
--
Don't feed trolls--it only makes them grow! |
|
Mele20Premium
join:2001-06-05
Hilo, HI
kudos:4 | reply to Name Game
From your link:
"The three affected applications are Adobe Muse, Adobe Story AIR applications, and Acrobat.com desktop services."
Flash Player wasn't involved. That article is irrelevant as far as to why Adobe has allowed the code signing cert for the CURRENT Flash Player to lapse today.
OT but what is that weird address you used? If ANYBODY but YOU had posted shit like that I would not have gone there. Post a normal address please in the future.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson |
|
 BlackbirdBuilt for SpeedPremium
join:2005-01-14
Fort Wayne, IN
kudos:3
·Frontier Communi..
| reply to StuartMW
said by StuartMW:...I have no idea why Adobe chose to digital sign Flash Player 11.4.402.278 with a certificate that would expire a few weeks later. Maybe it's a new way to overcome user resistance and compel installation of their frequent security updates. As you noted earlier: quote:
Clearly they aren't expecting that version to last long!
Adobe is a lot like fresh bread... in a few days, whatever you have today will be stale or moldy.
--
"Is life so dear, or peace so sweet, as to be purchased at the price of chains and slavery? Forbid it, Almighty God!" -- P.Henry, 1775 |
|
