Forging of digital signatures by malware?

Discussion in 'other firewalls' started by Gullible Jones, May 26, 2010.

Thread Status:
Not open for further replies.
  1. CloneRanger, Registered Member (joined Jan 4, 2006; posts: 4,978)

    Hi, see what you make of these.


    Digital Certificates Not Always a Safety Guarantee http://blog.trendmicro.com/digital-certificates-not-always-a-safety-guarantee

    Fake SSL Certificates Seen Again http://blog.trendmicro.com/fake-ssl-certificates-seen-again

    PayPal Scam Site Using Legit SSL http://www.internetnews.com/ec-news/article.php/2232421

    New Research Suggests That Governments May Fake SSL Certificates http://www.eff.org/deeplinks/2010/03/researchers-reveal-likelihood-governments-fake-ssl

    April 15, 1999 Attacking Certificates with Computer Viruses http://www.schneier.com/crypto-gram-9904.html#certificates

    April 15, 2001 Fake Microsoft Certificates http://www.schneier.com/crypto-gram-0104.html

    phishers have begun to outfit their counterfeit sites with self-generated Secure Sockets Layer certificates http://abcnews.go.com/Technology/PCWorld/story?id=1351041

    Too Many Security Warnings Results in Complacency http://www.schneier.com/blog/archives/2009/08/too_many_securi_1.html

    Example of how fake sites target users of e-gold, E-Bullion, Pecunix, and Liberty Reserve http://blog.e-gold.com/2007/09/sophisticated-f.html

    Probably you want to import a "fake" SSL cert in JRE's trustcacerts for avoiding not-a-valid-certificate issues. http://stackoverflow.com/questions/684081/importing-ssl-certificate-into-eclipse

    *

    Here's an app for FF that might be useful ;)

    SSL Blacklist 4.0 http://codefromthe70s.org/sslblacklist.aspx
     
  2. Those are different, they involve SSL certificates for websites.
     
  3. CloneRanger, Registered Member (joined Jan 4, 2006; posts: 4,978)

    @Gullible Jones

    Brain fart :D

    My Head Hurts - Monty Python - http://www.youtube.com/watch?v=rTens4i32b0
     
  4. Pleonasm, Registered Member (joined Apr 9, 2007; posts: 1,201)

    I looked through the list of webpages you referenced, and I failed to see any instances described in which an adversary successfully forged a digital certificate (i.e., used a certificate from a trusted source to successfully sign malware and thereby misrepresent the actual software publisher).

    Am I missing something?
     