Microsoft patches crypt32.dll vulnerability that allows certificate spoofing

Discussion in 'Frontpage news' started by Hilbert Hagedoorn, Jan 15, 2020.

  1. Hilbert Hagedoorn

    Hilbert Hagedoorn Don Vito Corleone Staff Member

  2. fantaskarsef

    fantaskarsef Ancient Guru

    Well... the NSA advises you to install the patch to the discovered vulnerability they discovered... wait, let me get my tin foil, I'll be right back :D
     
  3. KissSh0t

    KissSh0t Ancient Guru

    Pfttt... NSA, can you believe they used to try putting listening devices inside our homes?

    Hey alexa, play despacito.
     
  4. 386SX

    386SX Master Guru

    I already posted this yesterday and urged users to update. Yes, it is really THIS bad. If unpatched, you could fall for spoofed certificates because your computer would think they are valid.

    VPNs use certificates mostly, because "passwords are weak".
    Webservers use certificates to encrypt the connection (online banking, webshops, you name it).
    And much much more ....

    So please update, at least this update, so you don't fall for this and you protect others by hardening your defense, so your computer won't be turned into a zombie.

    BRAAAAAAAAAAAAAIIIIIIIIIIIIIIIIIIIIIIIIIIIINS! ;)
     

  5. fantaskarsef

    fantaskarsef Ancient Guru

    I also wonder how the NSA discovered that... what certs they had rigged and suffered from it.
    And, iirc, that lately there's been rigged certs for update programs of large companies (Asus?), rigged certs for "security" software (Avira?).
     
  6. Astyanax

    Astyanax Ancient Guru

    windows 8.1 and 7 are immune :D
     
  7. sverek

    sverek Ancient Guru

    NSA: hey M$ remember the backdoor we asked you to open?
    M$: yeah
    NSA: close it, we found better one
    M$: oh... ok
     
  8. Mundosold

    Mundosold Member Guru

    This might be the nastiest security hole in 15+ years. Even Spectre/Meltdown weren't this bad in terms of real world exploit potential.
     
  9. Astyanax

    Astyanax Ancient Guru

    it covered a specific certificate chain which is not widely used.
     
  10. mbk1969

    mbk1969 Ancient Guru

    Microsoft to Intel: Learn how to make vulnerabilities - more than 20 years and not a single scandal.
     

  11. Zooke

    Zooke Member Guru

    I think the conversation went more along the lines of
    NSA Mr X: Holy crap, <insert non US ally here> has found out about the certificate exploit we have been using for years.
    NSA Boss: Damn, let MS know, tell them we only discovered it yesterday. Tell them to publicly thank us too, make people think we have done it for their safety <laughs maniacally>.
    NSA Mr X: Spy on everyone for years and still come out of it smelling of roses, that's why you're the boss, Boss.
     
  12. kakiharaFRS

    kakiharaFRS Master Guru

    thanks for the news Guru3d clicked that like/bell update asap
     
  13. tunejunky

    tunejunky Master Guru

    like most of you i'm a bit caught off guard by the NSA acting like a regular joe. so much so, like you, that i'm entirely skeptical of this whole deal.
    i still patched it tho :oops:
     
  14. geogan

    geogan Master Guru

    Only reason NSA would release this information is if they found out enemies were using it too now. Otherwise they would have kept it to themselves and continued using it forever.

    Can you just imagine how many other exploits they know about, are using, and are not telling about?

    They are NOT the good guys.
     
  15. schmidtbag

    schmidtbag Ancient Guru

    It's within the NSA's interest to improve security among the general populace, hence the name of the organization. Whether or not you are secure from them is a completely different story. I doubt this patch is making their efforts to spy on you much harder, but it probably makes it harder for others to do so.

    So - if you just accept the fact the NSA is going to watch you no matter what, I'd consider this patch a win.
     

  16. fry178

    fry178 Maha Guru

    @fantaskarsef
    unless foil is different where you live, it's not tin,
    so there is no tinfoil hat you can wear.
     
  17. kakiharaFRS

    kakiharaFRS Master Guru

  18. Rich_Guy

    Rich_Guy Ancient Guru

    Yeah, should have stuck with those, more secure :p
     
  19. JamesSneed

    JamesSneed Master Guru

    Tin foil existed prior to aluminum being invented. The name "tin foil hat" dates back to those days when it was an actual product. The name has simply stuck. I personally think it is a lot easier to say than "aluminum foil hat" so I won't complain.
     