I was wondering if someone can make a Digital Signature just like someone else’s. Example: someguy wants his malware to run without getting alerts from Comodo, and signs his program with a digital sig that has the same details as attached ss.
Will this work?
[attachment deleted by admin]
No one smart enough to answer? 
With enough computing power, yes. Especially with MD5
Many vendors stopped using MD5 after this occurrence. It didn’t affect COMODO, because they don’t use MD5.
I would say those “security researchers” give much more. 88)
Thanks you two!
But I have a question: if it takes about 200 PlayStations to get the master certificate or something for VeriSign, did it take a long time for VeriSign to make their own master certificate?
Can’t I just easily create my own certificate and say it is signed my VeriSign or Comodo?
I’m not sure. I don’t know too much about this. Cryptography and authentication is pretty complex stuff. (:NRD)
Maybe someone else has an answer.
I’m beginning to think they can…
At least for CIS’s Trusted Vendors.
Look at the text in the vendors.nme file:
Adobe Systems Incorporated᯿Adobe Systems, Incorporated૿Apple Inc.ALWIL SoftwareApple Computer, IncᇿComodo CA LimitedComodo CP, IncᇿESET, spol. s r.o૿Google IncMcAfee, IncᗿMicrosoft CorporationᇿMicrosoft Windows᯿Microsoft Windows Publisher◿Microsoft Windows Component PublisherMozilla CorporationዿOpera Software ASAPGP CorporationᗿSkype Technologies SASun Microsystems, Inc.Paltalk.comዿAuslogics Software
Apparently, I can just make a digital signature that has “Adobe Systems Incorporated” or “Adobe Systems, Incorporated” in its name or properties, and wa la! I’m trusted!
Now does that seem easy? To me it does… Do other companies identify digital sigs by this data?
I’m guessing here, so I might be wrong… :-\
I assume CIS checks to see if your ‘Digital Signature’ is the same as one of those in the ‘My Trusted Software Vendors’ Database (if such a Database exists of course).
If the ‘Digital Signature’ is different, it ‘should’ be Blocked.
To get your ‘Digital Signature’ to be the same as one of those in ‘My Trusted Software Vendors’, you will need a Copy of the corresponding ‘Private Key’, used to Sign the File, from the Vendor you wish to counterfeit.
Your Digital Signature’s will always be the same as each other, no matter how different your Signed Executable Files are (Their Program Code / The Binaries).
Your Digital Signature’s are calculated based on the Hash Value of your Executable Files, and your Private Key. (See ‘here’ and Read ‘here’.)
… Though if CIS just check’s the Text in the ‘vendors.nme’ File, then Yes. It will Pass detection without any problems.
It is an interesting question, of which I too don’t know the answer… 
