Can someone tell me precisely how the NSA could use this to break in to someone's computer?
My understanding is that this key might be used by a computer to verify software downloaded from the internet. Will the operating system accept software signed with any of the three keys mentioned in the article? This should be easy to check, if as is claimed in the article, the key named NSAKEY can be altered.
Even if that's true, the only way I can think to exploit this is to convince the target computer to download a cryptography module or whatever from a site I control. How could you do that?
Slashdot Mirror
Can someone tell me precisely how the NSA could
use this to break in to someone's computer?
My understanding is that this key might be used
by a computer to verify software downloaded from
the internet. Will the operating system accept
software signed with any of the three keys
mentioned in the article? This should be easy
to check, if as is claimed in the article, the
key named NSAKEY can be altered.
Even if that's true, the only way I can think to
exploit this is to convince the target computer
to download a cryptography module or whatever
from a site I control. How could you do that?
Alex.