M$ CD patches

Michel Py michel at arneill-py.sacramento.ca.us
Sat Feb 21 23:30:47 UTC 2004


> Sean Donelan wrote:
> Regardless of the distribution method, geniune Microsoft
> patches are always cryptographically signed by Microsoft.
> Whether consumers can figure out how to check the signature
> is a different question.

Lots can't. I recently put a fake "identity seal" on my personal web
site (go to https://arneill-py.sacramento.ca.us and put the mouse cursor
over the padlock on the left).

It's completely bogus: not only the artwork has been greatly inspired by
Comodo's thing (view the real thing here:
http://www.instantssl.com/ssl-certificate-products/ssl-certificate-trust
logo.html) when the actual SSL certificate comes from freessl.com, but
it also works even if you view the insecure page
http://arneill-py.sacramento.ca.us/.

Besides, I do not have a credit card processing system, although I do
accept donations in cash and gold bullions.

So, what you're looking at is nothing more than a little photoshop and
javascript.

Guess what: I have received many questions that say in substance "how
much does it cost to get the same seal as yours and can you come install
it on my web server?"

Michel.




More information about the NANOG mailing list