|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Thomas Seliger (SQEHXLLBQUJX_at_spammotel.com)
Date: Tue Sep 03 2002 - 09:06:39 CDT
Since the failure of checking certificate chain correctly seems to be
buried deeper in windows (maybe in some DLL? some info from microsoft
would be greatly appreciated, but their security offensive seems to be
hot air anyway), i could imagine more possibilities to exploit it:
* certificates of components:
anyone tried to spoof the certificates of components (like plugins) that
are installed if you click on them?
* certificates used for IPSec authentication:
windows 2000 includes a IPSec implementation, authentication can be done
by certificates. If i remember correctly, you can define a CA that is
signing your IPSec partners, so that you can trust the IPSec connection
partner. Can you spoof that also?
cu
Thomas Seliger
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]