[Discuss] And again with the certificate authorities.
Richard Pieri
richard.pieri at gmail.com
Sat Oct 11 17:30:33 EDT 2014
This time around it's HP:
http://arstechnica.com/security/2014/10/hp-accidentally-signed-malware-will-revoke-certificate/
With a twist: the CA itself was not compromised. One of the computers
trusted with code signing had become infected with a bit of malware that
got itself signed with a HP key and then shipped itself back to the
distributor. It's been in the wild in its signed formed for the past
four years.
--
Rich P.
More information about the Discuss
mailing list