CERT has issued a new advisory: "CA-2001-04 Unauthentic 'Microsoft Corporation' Certificates." ( ) It seems that VeriSign, Inc. issued two certificates to an individual fraudulently claiming to be an employee of Microsoft Corporation. There are some who believe that this could allow someone to write a virus that will look like a MS signed document. See and
for more details.
On the other hand, VMyths ( ) suggests that this is just media hyteria for three reasons. "First & foremost, ALL previous virus incidents (e.g. Melissa, ILoveYou, Kournikova) succeeded WITHOUT digital signatures. Second, Verisign issued these "fake IDs" nearly two months ago, yet it only just now came to light. Third, antivirus software can detect signed or unsigned viruses with equal ease."
My personal take, while number 3 is a valid reason, numbers 1 and 2 are of little comfort. :-0 James P. Cottingham
for more details.
On the other hand, VMyths ( ) suggests that this is just media hyteria for three reasons. "First & foremost, ALL previous virus incidents (e.g. Melissa, ILoveYou, Kournikova) succeeded WITHOUT digital signatures. Second, Verisign issued these "fake IDs" nearly two months ago, yet it only just now came to light. Third, antivirus software can detect signed or unsigned viruses with equal ease."
My personal take, while number 3 is a valid reason, numbers 1 and 2 are of little comfort. :-0 James P. Cottingham