I was wondering if someone can make a Digital Signature just like someone else’s. Example: someguy wants his malware to run without getting alerts from Comodo, and signs his program with a digital sig that has the same details as attached ss.
I would say those “security researchers” give much more. 88)
Thanks you two!
But I have a question: if it takes about 200 PlayStations to get the master certificate or something for VeriSign, did it take a long time for VeriSign to make their own master certificate?
Can’t I just easily create my own certificate and say it is signed my VeriSign or Comodo?
Adobe Systems Incorporated᯿Adobe Systems, Incorporated૿Apple Inc.ALWIL SoftwareApple Computer, IncᇿComodo CA LimitedComodo CP, IncᇿESET, spol. s r.o૿Google IncMcAfee, IncᗿMicrosoft CorporationᇿMicrosoft Windows᯿Microsoft Windows Publisher◿Microsoft Windows Component PublisherMozilla CorporationዿOpera Software ASAPGP CorporationᗿSkype Technologies SASun Microsystems, Inc.Paltalk.comዿAuslogics Software
Apparently, I can just make a digital signature that has “Adobe Systems Incorporated” or “Adobe Systems, Incorporated” in its name or properties, and wa la! I’m trusted!
Now does that seem easy? To me it does… Do other companies identify digital sigs by this data?
I assume CIS checks to see if your ‘Digital Signature’ is the same as one of those in the ‘My Trusted Software Vendors’ Database (if such a Database exists of course).
If the ‘Digital Signature’ is different, it ‘should’ be Blocked.
To get your ‘Digital Signature’ to be the same as one of those in ‘My Trusted Software Vendors’, you will need a Copy of the corresponding ‘Private Key’, used to Sign the File, from the Vendor you wish to counterfeit.
Your Digital Signature’s will always be the same as each other, no matter how different your Signed Executable Files are (Their Program Code / The Binaries).
Your Digital Signature’s are calculated based on the Hash Value of your Executable Files, and your Private Key. (See ‘here’ and Read ‘here’.)
… Though if CIS just check’s the Text in the ‘vendors.nme’ File, then Yes. It will Pass detection without any problems.
It is an interesting question, of which I too don’t know the answer…