Reply New Topic
20/6/2012 16:47:30
#1
Offline
Home away from home

Flame

Some interesting developments re. the Flame malware (MP3, 44MB) recently covered on the Security Now podcast. For a start, it now seems to be produced out of the same shop that brought you Stuxnet (ie. it would seem to be government sponsored). And how is this for nasty:

* Has a forged (but valid) certificate from Microsoft.
* Installs itself as a proxy / man in the middle against Windows Update service.
* Signs its own malicious components, using the forged Microsoft certificate and hands them off as updates.

Microsoft has reacted by introducing automatic updates to their list of untrusted/revoked certificates, creating a certificate specifically for signing updates to the Windows Update client, no longer allowing windows update to operate via a proxy, and has given advance notice that they are going to kill ALL certificates using 1024 bit keys or less, whether you like it or not.

When governments break their own laws, it seriously makes me not want to pay tax.


Reply New Topic extras
 Previous Topic   Next Topic
You can view topic.
You can start a new topic.
You can reply to posts.
You cannot edit your posts.
You cannot delete your posts.
You cannot add new polls.
You cannot vote in polls.
You cannot attach files to posts.
You can post without approval.