|
Naziv
|
Signature Spoofing by Key Theft
|
|
Sažetak
|
An attacker obtains an authoritative or reputable signer's private signature key by theft and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
|
|
Preduvjeti
|
An authoritative or reputable signer is storing their private signature key with insufficient protection.
|
|
Rješenja
|
Restrict access to private keys from non-supervisory accounts Restrict access to administrative personnel and processes only Ensure all remote methods are secured Ensure all services are patched and up to date
|
