David E. Ross
2008-09-18 04:34:25 UTC
US-CERT (an agency of the U.S. Department of Homeland Security) recently
issued a bulletin at comp.security.announce about a vulnerability
affecting Apple computers. The message was signed with a new,
unannounced PGP key that was, in turn, signed with an expired US-CERT
key-signing key. Thus, there is no way to verify the origin or
integrity of the bulletin.
I mention this problem here because the comp.security.announce newsgroup
is apparently moderated and failed to post my warning about this.
--
David E. Ross
<http://www.rossde.com/>
Q: What's a President Bush cocktail?
A: Business on the rocks.