<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Good Muse Everyone! <a
href="http://blogs.adobe.com/asset/2012/09/inappropriate-use-of-adobe-code-signing-certificate.html">http://blogs.adobe.com/asset/2012/09/inappropriate-use-of-adobe-code-signing-certificate.html<br>
</a><br>
My fav. line in the above is "
<meta charset="utf-8">
<span style="color: rgb(0, 0, 0); font-family: Myriad, Arial,
sans-serif; font-size: 13px; font-style: normal; font-variant:
normal; font-weight: normal; letter-spacing: normal; line-height:
18px; orphans: 2; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal; widows: 2;
word-spacing: 0px; -webkit-text-size-adjust: auto;
-webkit-text-stroke-width: 0px; background-color: rgb(255, 255,
255); display: inline !important; float: none; ">There is no
evidence to date that any source code was stolen." <br>
</span><br>
<span style="color: rgb(0, 0, 0); font-family: Myriad, Arial,
sans-serif; font-size: 13px; font-style: normal; font-variant:
normal; font-weight: normal; letter-spacing: normal; line-height:
18px; orphans: 2; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal; widows: 2;
word-spacing: 0px; -webkit-text-size-adjust: auto;
-webkit-text-stroke-width: 0px; background-color: rgb(255, 255,
255); display: inline !important; float: none; ">I mean, aside
from the obvious fact that the attackers were knowledgable enough
about the organization to find and use the custom code-signing
API. The Chinese modus operandi is to dump tools that have been
discovered, so maybe we will be lucky enough to see them posted to
a Chinese forum shortly?</span><br>
<span style="color: rgb(0, 0, 0); font-family: Myriad, Arial,
sans-serif; font-size: 13px; font-style: normal; font-variant:
normal; font-weight: normal; letter-spacing: normal; line-height:
18px; orphans: 2; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal; widows: 2;
word-spacing: 0px; -webkit-text-size-adjust: auto;
-webkit-text-stroke-width: 0px; background-color: rgb(255, 255,
255); display: inline !important; float: none; "><br>
If it affects the Windows platform, does that mean attackers can
autoupdate your Reader with signed versions of pwdump? Hard to
know from the Adobe press release.<br>
<br>
(That said, the Key itself was stored on hardware, which is a step
up from the Fedora attack...)<br>
<br>
-dave<br>
<br>
</span>
<pre class="moz-signature" cols="72">--
INFILTRATE - the world's best offensive information security conference.
April 2013 in Miami Beach
<a class="moz-txt-link-abbreviated" href="http://www.infiltratecon.com">www.infiltratecon.com</a>
</pre>
</body>
</html>