http://spectrum.ieee.org/riskfactor/telecom/security/flame-ordered-to-flame-out/?utm_source=computerwise&utm_medium=email&utm_campaign=061312#.T9h_0yyImhk.mailto
"Flame's authors were able 'to generate a rogue Microsoft digital
code-signing certificate that allowed them to distribute the malware to
Windows computers as an update from Microsoft.' They accomplished this,
ComputerWorld says, by using a previously unknown cryptographic collision attack on the MD5 encryption algorithm (Stevens and company demonstrated one method in 2008) which Microsoft security engineers explain in a blog post here."
So why didn't Microsoft patch a known hole that they warned everybody else about 4 years ago? And how secure will the Internet be when we all know that our software updates might actually be downloading viruses instead? Thanks a lot, Flame makers!