zlacker

[return to "Leaked stolen Nvidia cert can sign Windows malware"]
1. bratwu+B8[view] [source] 2022-03-05 11:29:23
>>Zuider+(OP)
Hmmm maybe i should keep windows offline for a few days…..
◧◩
2. gruez+5v[view] [source] 2022-03-05 14:34:38
>>bratwu+B8
If malware makes it onto your machine, it's already game over. The certificate allows the attacker to load an arbitrary driver, but the attacker doesn't need that to steal all your data.

relevant xkcd: https://xkcd.com/1200/

◧◩◪
3. ec1096+eK[view] [source] 2022-03-05 16:29:28
>>gruez+5v
Then why are malware authors exploiting this vulnerability?
◧◩◪◨
4. hulitu+fU[view] [source] 2022-03-05 17:18:15
>>ec1096+eK
Because some corporate environments only allow you to run signed executables. "Defense in depth" :)
◧◩◪◨⬒
5. ec1096+5E1[view] [source] 2022-03-05 21:55:46
>>hulitu+fU
So it’s effective in those environments?
◧◩◪◨⬒⬓
6. hulitu+HL2[view] [source] 2022-03-06 10:57:06
>>ec1096+5E1
> So it’s effective in those environments?

No. Those environments will happyly install the malware code because it is signed by Microsoft.

[go to top]