Microsoft Security Bulletins

14:00 on Wednesday, 13 July 2005

This is the second time that I receive a Microsoft Security Bulletin and, since Microsoft uses PGP to sign their bulletins, I have decided to check their signature validity. I don’t know if this has been a flaw in the past as well, since I delete those bulletins without even reading them most of the time, but in the two occassions I have checked them, they had failed to verify, since the signature is bad.

[-- Begin GPG Output (Wed Jul 13 08:30:48 2005) --] 
Signature made 07/12/05 10:47:53 using RSA key ID AA55BC66  
BAD signature from "Microsoft Security Response Center" <secure@microsoft.com>  
[--End GPG Output --]

What’s wrong with these people?