dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
2
share rss forum feed


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:3
reply to mazhurg

Re: Adobe's code signing certificate has been stolen

said by mazhurg:

That would be the code used to sign the flash player install V 11.4.400.252 (Windows 7 64 bits)

Thanks for the info.

Adobe may have signed later versions of Flash with a newer certificate since the one you posted expires on 12/14/2012.
--
Don't feed trolls--it only makes them grow!


leibold
Premium,MVM
join:2002-07-09
Sunnyvale, CA
kudos:10
Reviews:
·SONIC.NET
said by StuartMW:

Adobe may have signed later versions of Flash with a newer certificate since the one you posted expires on 12/14/2012.

Wouldn't the serial number be different on a renewed certificate ? With the software I'm using every certificate (regardless whether new or renewal) gets a unique serial number from the CA but I don't know if that is universal for all certificate authorities.
--
Got some spare cpu cycles ? Join Team Helix or Team Starfire!


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:3

3 edits

Flash Player 11.4.402.278 certificate
said by leibold:

Wouldn't the serial number be different on a renewed certificate ?

Um, it is.

»Re: Adobe's code signing certificate has been stolen

quote:
FYI the Adobe Flash Player 11.4.402.278 installers I have are signed with a certificate with the serial number 7e 28 2b 07 49 66 9b 59 5f 79 49 ff 06 13 4e 92.

And I said new (not renewed).

PS: Flash Player 11.4.402.278 was signed with a certificate that expires 10/1/2012. LOL. Clearly they aren't expecting that version to last long!
--
Don't feed trolls--it only makes them grow!


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7
reply to leibold
Also...

It is not public key stuff so the serial number would be the same for everyone who used the product in the time frame the cert was still valid and came with the download...just don't want people to start thinking every user would be getting a unique serial number for their own benefit.

It is a Web Server SSL Certificate

A Web Server SSL Certificate contains the following information:
The certificate holder's name,
The certificate's serial number and expiration date,
Copy of the certificate holder's public key,
The digital signature of the certificate-issuing authority.

»products.secureserver.net/produc···urbo.htm
--
Gladiator Security Forum
»www.gladiator-antivirus.com/


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:3
said by Name Game:

...just don't want people to start thinking every user would be getting a unique serial number for their own benefit.

Yup.

In short if you download something that is digitally-signed with this certificate consider it suspect.

And that goes for Flash too
--
Don't feed trolls--it only makes them grow!