Clik here to view.
Microsoft updates trusted root certs to include Startcom
This week while I was away at Virus Bulletin Microsoft released an update to the root certificates they include for Windows and Internet Explorer. On its own this is not noteworthy, but I have been...
View ArticleClik here to view.
Certified uncertainty
Just when we thought we understood what was happening with the Stuxnet rootkit the plot thickens. As I reported in my original story, the rootkit component and several other pieces were signed with a...
View ArticleClik here to view.
Are signed files safer than others?
Mike Wood of SophosLabs Vancouver presented "Want my autograph? The use and abuse of digital signatures by malware" at the 2010 Virus Bulletin conference. Mike's talk was focused on the trust that...
View ArticleClik here to view.
EFF uncovers further evidence of SSL CA bad behavior
The Electronic Frontier Foundation has published a report showing the SSL certificate industry has been ignoring policies and signing tens of thousands of invalid certificates.
View ArticleClik here to view.
Google blacklists 247 certificates. Is it related to DigiNotar hacking incident?
Google has blacklisted over 200 certificates seemingly related to the DigiNotar hacking incident. What is the full extent of this breach, and who else may have been targeted?
View ArticleClik here to view.
GlobalSign stops issuing SSL certificates in response to Iranian hacker
Digital certificate authority GlobalSIgn, the fifth largest issuer of SSL certificates, ceased signing new certificates today after accusations by an Iranian hacker that they are compromised.
View ArticleClik here to view.
GinMaster, unwanted Android apps and legit apps gone bad
More coverage from the Virus Bulletin 2013 Conference in Berlin, Germany. Today's topics include Android botnets, malware abusing legitimate applications and defining the types of apps we allow on our...
View ArticleClik here to view.
Firefox 32.0 fixes holes, shakes out some old SSL certs, introduces...
Yesterday was Firefox's Fortytwosday (updates come out every 42 days, on Tuesdays, in a nod to Douglas Adams), bringing us to Firefox 32.0. There are also two Extended Support Releases for the more...
View ArticleClik here to view.
Car parking apps vulnerable to man-in-the-middle attacks
The next time you need to pay for parking, it might be best to have a handful of coins ready for the meter.
View ArticleClik here to view.
Amazon: update your old Kindles or you’ll be cut off from the store
If you don't get the update on or before Tuesday, 22 March 2016, you'll be blocked from accessing the Kindle Store and downloading e-books.
View ArticleClik here to view.
It’s the final countdown for SHA-1 SSL certificates
Apple, Microsoft, Google and Mozilla finally set roadmaps for deprecating SSL certificates still using SHA-1
View ArticleRift keels over after Oculus forgets to renew security certificate
Users got an unwelcome dose of non-virtual reality: “Can’t reach Oculus Runtime Service”
View Article
