Evo sta lik kaze, za one koji nisu procali...
"...I'm able to issue windows update, Microsoft's statement about Windows Update and that I can't issue such update is totally false! I already reversed ENTIRE windows update protocol, how it reads XMLs via SSL which includes URL, KB no, SHA-1 hash of file for each update, how it verifies that downloaded file is signed using WinVerifyTrust API....
I signed windows calculator using Google Cert, you have to have private key of cert to be able to sign calculator. It's enough reason/proof....
....
this time attack was limited to Iran, next time, I'll own as more as gateways in Israel, USA, Europe, as more as ISPs and attack will run there. You know man, I give promises and I keep them, I say words and they just happen, I told you wait and see previous time (Comodo case), now you see more. For an example ask a little from LMI.NET Berkley's ISP, ask about user Todd and password loc!666 (for example), ask if they detected that I was owned their all Linux boxes and I got access to their DNS servers, you see?
....
You think I generated SSL and code signing certificates by sending some SQL queries or sending some requests or using some ready made in desktop applications with 1234 password default? Ahhh man! Stop taking people's work easy... There was netHSM with OpenBSD OS, only 1 port open, totally closed/protected with RSA SecurID and SafeSign Token management systems, they had around 8 smart card totally (a company with a lot of employees, only 8 smart card for SSL generation), you see? It's not "simple DNN bug", ok? I had remote desktop access in last RSA Certificate Manager system which had no any connection to internet, all files was coded in XUDA (there is no reference to XUDA programming language, even a single line), no one can access those server via Remote desktop, there was enough firewalls and routers which even blocked their own employeee to access that network. That network had different domain controller with different users, man! There is so much thing to explain, I'll do it later, just know it is most sophisticated hack of all time, that's all!
......
GlobalSign (I have access to their entire server, got DB backups, their linux / tar gzipped and downloaded, I even have private key of their OWN globalsign.com domain, hahahaa)
.....
I owned an entire computer network of DigiNotar with 5-6 layer inside which have no ANY connection to internet (kako bre?!?!?!?)
....
Some others says APIs was easy, it was all documented, everything was inside DLL so what I did about re-writing APIs, a person with experience of 1000 programmers had problems with APIs, LOL.
Do you know how many codes I wrote in C++ and Assembly language? Do you know how much work I did in reversing Skype and it's undisclosed protocol? Man! I create my own APIs, from web SOAP XML APIs to windows DLLs with exports.
I said I wasn't aware of !ApplySSL API and other needed APIs like PickUpSSL and others.
I found that out when I was already logged into Comodo Partner's account and I was sure they'll notice me soon, so I had to do my job fast.
TrustDLL.dll was too old, it's last modify date was end of 2007, APIs of Comodo was changed and a lot of more crucial parameters was added, they wasn't using TrustDLL anymore, as far as I understood, they was doing processing and authenticating orders and signing CSRs manually. They had not too much order in last years, about 1 order per 4-5 days for example. So don't worry, I'm aware of APIs ;)"
Prosto neverovatno.......
Having an idea is like being in a nutshell, but exchanging idea and collaborate
with
others is like being in infinite ocean of knowledge.
________________________________________________________________
____
Veruj u sebe. Ako ti neces, ko hoce?!
„Bolje živeti 100 godina kao milioner, nego sedam dana u bedi.“