
You are misunderstanding. WinRAR's implication is that the CA is lying about the 570 MB file because they didn't mention it until WinRAR challenged them on the VirusTotal justification for revocation, and because they were unable to provide the file in question or any evidence that it exists.


Why not at least link to the VirusTotal listing for said file? Perhaps someone else has it from the hash?

I doubt the CA would lie about the existence of such a file, although perhaps they are mistaken about the signature (it could be a case of a 570 MB file concatenated with a legitimately signed WinRAR executable - signatures don't always cover all parts of the file).
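An added example, not part of the thread: a defender-side check for the situation the comment above describes. Authenticode's PE hash skips the checksum field, the certificate-table directory entry and the certificate table itself, so this sketch reports bytes inside or after that table that belong to no DER-encoded signature blob. The function names and the `build_sample` buffer are constructed for illustration; the sample is header-shaped test data, not a real signed binary.

```python
import struct

def der_total_len(buf: bytes, off: int) -> int:
    """Size (header + body) of the DER element that starts at off."""
    first = buf[off + 1]
    if first < 0x80:
        return 2 + first
    n = first & 0x7F
    return 2 + n + int.from_bytes(buf[off + 2:off + 2 + n], "big")

def cert_table_slack(pe: bytes) -> dict:
    """Count bytes in or after the certificate table that belong to no signature blob."""
    pe_off = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[:2] != b"MZ" or pe[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    opt = pe_off + 24                                  # optional header start
    magic = struct.unpack_from("<H", pe, opt)[0]
    dirs = opt + {0x10B: 96, 0x20B: 112}[magic]        # PE32 / PE32+
    # Data directory 4 is the certificate table; its address is a raw file offset.
    cert_off, cert_size = struct.unpack_from("<II", pe, dirs + 4 * 8)
    if cert_off == 0:
        return {"signed": False, "slack": 0, "trailing": 0, "suspicious": False}
    pos, end, worst = cert_off, cert_off + cert_size, 0
    while pos + 8 <= end:
        length = struct.unpack_from("<I", pe, pos)[0]  # WIN_CERTIFICATE.dwLength
        if length < 8 or pos + length > end:
            raise ValueError("malformed certificate entry")
        gap = length - 8 - der_total_len(pe, pos + 8)  # bytes after the DER blob
        if gap < 0:
            raise ValueError("signature blob overruns its entry")
        worst = max(worst, gap)
        pos += (length + 7) & ~7                       # entries are 8-byte aligned
    trailing = len(pe) - end
    # Up to 7 bytes of alignment padding per entry is normal.
    return {"signed": True, "slack": worst, "trailing": trailing,
            "suspicious": worst > 7 or trailing > 0}

def build_sample(extra: bytes = b"") -> bytes:
    """Constructed PE32+-shaped headers plus one certificate entry (test data only)."""
    der = b"\x30\x82\x01\x00" + bytes(256)             # stand-in for the PKCS#7 blob
    entry = struct.pack("<IHH", 8 + len(der) + len(extra), 0x0200, 0x0002) + der + extra
    entry += bytes(-len(entry) % 8)
    hdr = bytearray(0x200)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x80)            # e_lfanew
    hdr[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<H", hdr, 0x80 + 24, 0x20B)      # PE32+ magic
    struct.pack_into("<II", hdr, 0x80 + 24 + 112 + 32, len(hdr), len(entry))
    return bytes(hdr) + entry
```

A non-zero result only says that some bytes sit outside the signed content; it says nothing about whether those bytes are harmful.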


It seems unlikely it's on VT:

1. VT has an upload limit of 128 MB. (Maybe the private API allows more, not sure.)

2. VT allows sample download if you have a VT Intelligence account - so if this was a file shared with VT, the CA should be able to provide the file.


> Why not at least link to the VirusTotal listing for said file?

I don't think VirusTotal accepts files larger than 500 MB.


[deleted]


The WinRAR post doesn't say that the file was submitted to VirusTotal, only that the CA said it "looked like a file used by hackers". Either there was no VirusTotal record for it or there was and WinRAR omitted that fact because it weakened their argument.


Also, this file (if it existed) was used to justify a business-critical decision. Why wasn’t there a paper trail for this file? Why wasn’t this data archived?



