Re: **maillist:: Outlook S/MIME Vulnerability

From: Thomas Seliger (SQEHXLLBQUJXat_private)
Date: Tue Sep 03 2002 - 07:06:39 PDT


    Since the failure to check the certificate chain correctly seems to be 
    buried deeper in Windows (maybe in some DLL? Some info from Microsoft 
    would be greatly appreciated, but their security offensive seems to be 
    hot air anyway), I could imagine more possibilities to exploit it:
    
    * certificates of components:
    Has anyone tried to spoof the certificates of components (like plugins) that 
    are installed if you click on them?
    
    * certificates used for IPSec authentication:
    Windows 2000 includes an IPSec implementation; authentication can be done 
    by certificates. If I remember correctly, you can define a CA that is 
    signing your IPSec partners, so that you can trust the IPSec connection 
    partner. Can you spoof that also?
    
    cu
    Thomas Seliger
    



    This archive was generated by hypermail 2b30 : Tue Sep 03 2002 - 13:57:13 PDT