dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
4737
share rss forum feed


AVD
Respice, Adspice, Prospice
Premium
join:2003-02-06
Onion, NJ
kudos:1
reply to leibold

Re: Adobe's code signing certificate has been stolen

that may be the default



Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7
reply to AVD

said by AVD:

said by Name Game:

Post please if you personally first check the certs from any Adobe product before you install it.

it isn't automatic?

NO.. and i did not generalize that question..I am talking about Adobe and these updates they give specifically.

Certificates

Using Certificates for Code Signing

Certificates can also be used to verify the authenticity of software code that you download from the Internet, install from your company intranet, or purchase on CD-ROM and install on your computer. Unsigned software—software that doesn’t have a valid software publisher’s certificate—can pose a risk to your computer and the information you store on your computer.

When software is signed with a valid certificate from a trusted CA, you know that the software code hasn’t been tampered with and can be safely installed on your computer. During software installation, you’re prompted to verify that you trust the software manufacturer (for example, Microsoft Corporation). You might also be offered the option to always trust software content from that particular software manufacturer. If you choose to trust content from the manufacturer, its certificate goes into your certificate store and other software installations of its products can occur with a circumstance of predefined trust. In the circumstance of predefined trust, you can install software from the manufacturer without being prompted to indicate whether it’s trusted; the certificate on your computer states that you trust the manufacturer of the software.

»technet.microsoft.com/en-us/libr···805.aspx
--
Gladiator Security Forum
»www.gladiator-antivirus.com/


leibold
Premium,MVM
join:2002-07-09
Sunnyvale, CA
kudos:10
Reviews:
·SONIC.NET

1 recommendation

reply to AVD

said by AVD:

that may be the default

I'm sorry if I was unclear but I did mean default behavior. I remember seeing a site that had a nice overview showing which software did not implement CRL checking at all and which software supported CRL checking but had it disabled by default (I'm not sure if there was any that had CRL checking enabled by default).
Of course, I can't find it now

Another issue related to CRLs (not applicable to the current topic) is whether only the presented certificate is being checked or whether all the certificates in the signing chain are checked for revocation as well (should you still trust a certificate if the intermediate or root CA certificate was revoked ?).
--
Got some spare cpu cycles ? Join Team Helix or Team Starfire!


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7
reply to MagnusM

Adobe also revoked a certificate in Sept. 2010 (Thawte, ser.no 026c21adeccb1c1987a5d38ce24167ce). Used on a malicious CAB file.

Since I'm digging...another Adobe cert (UTN-USERFirst-Object, ser. no 00E7817F8DBDB2740D495EFAB67DB867A4) revoked in 2007. Malware.

»twitter.com/aelgum/status/253496875859202048

Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5
reply to Name Game

That's what IE does. Don't assume other browsers do what IE does.



Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7

said by Mele20:

That's what IE does. Don't assume other browsers do what IE does.

Does what ?

Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5

I wish the forum software would let us add "auto quote" to a post when we edit that post. I didn't auto quote you and saw that was a mistake AFTER I posted and then I couldn't add auto quote when I tried to edit the post. So, I just left it confusing.

Not all browsers handle a certificate store like IE does.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson



Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7

OK well the stores are a function of the OS for downloaded software.. I guess you means the certs for various secure website one visits..

»dev.chromium.org/Home/chromium-s···a-policy

»www.poweradmin.com/help/sslhints/Chrome.aspx

»superuser.com/questions/347588/h···ins-work

I think Opera has a Certificaterevocationlistsforssl thing for those cases and found here opera:config#SecurityPrefs|Certificaterevocationlistsforssl
--
Gladiator Security Forum
»www.gladiator-antivirus.com/



StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2
reply to Mele20

said by Mele20:

I wish the forum software would let us add "auto quote" to a post when we edit that post.

I use this trick. I start editing the post without quotes, Then I open another tab/window and do a reply/quote on the post I'm replying to, Then I copy'n'paste
--
Don't feed trolls--it only makes them grow!

Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5

That is a good idea.....if I can remember it!



chachazz
Premium
join:2003-12-14
kudos:9
Reviews:
·TELUS

1 edit
reply to MagnusM

Adobe PSIRT: Update to Security Advisory: Adobe Revokes Code Signing Certificate (APSA12-01)

quote:
Following up on our communication from September 27, 2012, we have now revoked the Adobe code signing certificate for all code signed after July 10, 2012 (00:00 GMT).

We have updated the Security Advisory (APSA12-01) to reflect this action.
quote:
Adobe has revoked the certificate on October 4 for all software code signed after July 10, 2012 (00:00 GMT). Adobe has issued updates signed using a new digital certificate for all affected products.

The following certificate has been revoked and the certificate revocation list (CRL) is available at »csc3-2010-crl.verisign.com/CSC3-2010.crl:

• sha1RSA certificate
• Issued to Adobe Systems Incorporated
• Issued by VeriSign Class 3 Code Signing 2010 CA
• Serial Number: 15 e5 ac 0a 48 70 63 71 8e 39 da 52 30 1a 04 88
• sha1 Thumbprint: fd f0 1d d3 f3 7c 66 ac 4c 77 9d 92 62 3c 77 81 4a 07 fe 4c
• Valid from December 14, 2010 5:00 PM PST (GMT -8:00) to December 14, 2012 4:59:59 PM PST (GMT -8:00)

Note: The revocation of the certificate affects the Windows platform and three Adobe AIR applications (Adobe Muse and Adobe Story AIR applications as well as Acrobat.com desktop services) that run on both Windows and Macintosh. The revocation does not impact any other Adobe software for Macintosh or other platforms.
--
Gladiator Security Forum: www.gladiator-antivirus.com/


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7

1 recommendation

So that's what happened..I thought it was just my flash acting up again..


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

Looks like you shouldn't have ignored those faulty CPU fan warnings
--
Don't feed trolls--it only makes them grow!



Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7

1 recommendation

Too much altitude to move enough hot air..ya thunk
The chair is empty too..woe is me.



StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

I don't think PC's get altitude sickness unlike, um, certain people who visit Denver
--
Don't feed trolls--it only makes them grow!



Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7

I bought it in Denver..can I get some stimulus to bring it back on line beofe it goes green ?



StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

I'd write that one off... although you can probably recover data from the HD(s)
--
Don't feed trolls--it only makes them grow!



siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
Reviews:
·Bell Sympatico
reply to MagnusM

MS MMPC just issued this:
»blogs.technet.com/b/mmpc/archive···ate.aspx



Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7

let them know their blog post stuff is wrong..should be

libeay32.dll
MD5 hash: 095AB1CCC827BE2F38620256A620F7A4
File size: 999 KB (1,023,168 bytes)
Signature timestamp: Thursday, July 26, 2012 8:44:13 PM PDT (GMT -7:00)

not libeay.dll

I have a copy of that "tool"

»vishnuvalentino.com/computer-sec···w-table/
--
Gladiator Security Forum
»www.gladiator-antivirus.com/


siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
Reviews:
·Bell Sympatico

said by Name Game:

let them know their blog post stuff is wrong..should be

Uh... can't sign in and alert MS yerself


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7

1 recommendation

No..I have a globule warming problem..



Blackbird
Built for Speed
Premium
join:2005-01-14
Fort Wayne, IN
kudos:3
Reviews:
·Frontier Communi..
reply to Name Game

said by Name Game:

So that's what happened..I thought it was just my flash acting up again..

But... don't give up! You can fix that computer!
--
"Is life so dear, or peace so sweet, as to be purchased at the price of chains and slavery? Forbid it, Almighty God!" -- P.Henry, 1775


siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
reply to Name Game

Globule



StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

said by siljaline:

Globule

I thought it was glow-ball worming
--
Don't feed trolls--it only makes them grow!


siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17

That's the one.

--
Donne-moi des peanuts, j’m’en va te chanter "Alouette" sans fausse note



Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7

Found the problem

Wife by text to me at work:

"Hello,

Windows at home frozen - what will I do?"

Me - "Spray some de-icer or pour hot water on them"

Wife a few minutes later - "Done that, now computer won't work at all."
--
Gladiator Security Forum
»www.gladiator-antivirus.com/



StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

Hang on. If you have glow-ball worming how did the Windows freeze?
--
Don't feed trolls--it only makes them grow!



Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7

Click for full size
The candle is still lit on the glow-ball..but there is frost on the pumpkins