I saw some random references to something called Sexy View, malware aimed at Nokia devices. I was just going to ignore it, but then I realized it appears to be a signed application. Delicious. If nothing else that should allow the response folks to track down where it came from I would assume. The reports out there are vague so far at best, but I’m hoping at some point something will shed some light on how this came about. I’m assuming something happened like some company got careless (or went out of business and just ignored) their signing key for applications, and some malicious party got hold of it. Very curious about this I am.
Mike Rowehl
I've been working in mobile for a long time, and on internet service scalability even longer. I'm currently working on Churn Labs with some friends, hacking on a bunch of interesting mobile projects. Drop me a line if you're interested.
Miker on Twitter- miker: Chrome for Android beta (ICS only it seems): http://t.co/LJkTq9Jn Looking pretty good so far!
- miker: RT @bryanrieger: Strategies for choosing test devices - http://t.co/YRHkEr7M by @stephanierieger
- miker: RT @kwestin: Asking me to sign an NDA before having coffee to discuss your startup idea is like me asking you to buy condoms before I me ...
- miker: @erickoester There's normally a video of the events. I'll send it along once its posted.
- miker: Mobile Monday tonight in Palo Alto: http://t.co/Ypi3YDZC The business of mobile dating
- del.icio.us feed
- Announcing the FLORA, Adafruit’s wearable electronics platform and accessories « adafruit industries blog
- Enyo JavaScript Application Framework
- A Quick Guide To Investing Like Warren Buffett
- Go Green Saint Patricks Day Run
- Avenue of the Giants Marathon May 1, 2011 - Home
- Server-side device detection used by 82% of Alexa top 100 sites | mobiForge
- ..::[[~ceinig]]::..
- http://www.halfmarathonclub.com/California_Half_Marathon_Races.html
- Fabrice Grinda’s Nine Criteria For Investing In Startups | Young Upstarts
- AhNg519CEAEP5O4.jpg (589×440)
It depends on how it was signed. MD5 is broken (i.e. I could copy a signature on an existing executable if it uses a signed MD5 hash).
The Security Now podcast at GRC.com had some information on SSSL certificates! signed by MD5 being forged.