Home Tags Code Signing

Tag: Code Signing

New(ish) Mirai Spreader Poses New Risks

A cross-platform win32-based Mirai spreader and botnet is in the wild and previously discussed publicly. However, there is much information confused together, as if...

Oracle to Java devs: Stop signing JAR files with MD5

Starting in April, Oracle will treat JAR files signed with the MD5 hashing algorithm as if they were unsigned, which means modern releases of...

SHA-1 End Times Have Arrived

For the past couple of years, browser makers have raced to migrate from SHA-1 to SHA-2 as researchers have intensified warnings about collision attacks moving from...

Finally! A minimum standard for certificate authorities

The Certificate Authority Security Council has released new Minimum Requirements for Code Signing for use by all CAs (Certificate Authorities).This represents the first-ever standard...

Can ISPs step up and solve the DDoS problem?

Apply best routing practices liberally. Repeat each morning Solve the DDoS problem? No problem. We’ll just get ISPs to rewrite the internet.In this interview Ian...

Google to Distrust WoSign, StartCom Certs in 2017

Google announced Monday that when it ships Chrome 56 in January 2017 the browser will distrust certificates issued by Chinese certificate authoritiesWoSign and StartCom...

How Google’s Project Zero made Apple refactor its kernel

MacOS, iOS task threading was open to hijack When Apple shipped its security bug-fixes earlier this week, one patch mostly passed under the radar. Ian Beer...

On the StrongPity Waterhole Attacks Targeting Italian and Belgian Encryption Users

The StrongPity APT is a technically capable group operating under the radar for several years.The group has quietly deployed zero-day in the past, effectively...

The coming IoT security plague

The internet of things (IoT) is an $11 trillion opportunity, breathlessly gasps McKinsey & Co.It will change marketing, business, health care, and everything ......

2880823 – Deprecation of SHA-1 Hashing Algorithm for Microsoft Root Certificate...

Deprecation of SHA-1 Hashing Algorithm for Microsoft Root Certificate ProgramPublished: November 12, 2013 | Updated: May 18, 2016 ...

Tick-tock: Time is running out to move from SHA-1 to SHA-2

Are you ready for the coming SHA-1 deprecation deadline? I suspect most companies aren't.They don't know about the issue -- and the pending January 1,...

HP accidentally signed malware, will revoke certificate

Hewlett-Packard has alerted some customers that it will be revoking a digital certificate used to sign a huge swath of software—including hardware drivers...