Microsoft updates trusted root certs to include Startcom
This week while I was away at Virus Bulletin Microsoft released an update to the root certificates they include for Windows and Internet Explorer. On its own this is not noteworthy, but I have been...
View ArticleCertified uncertainty
Just when we thought we understood what was happening with the Stuxnet rootkit the plot thickens. As I reported in my original story, the rootkit component and several other pieces were signed with a...
View ArticleAre signed files safer than others?
Mike Wood of SophosLabs Vancouver presented "Want my autograph? The use and abuse of digital signatures by malware" at the 2010 Virus Bulletin conference. Mike's talk was focused on the trust that...
View ArticleEFF uncovers further evidence of SSL CA bad behavior
The Electronic Frontier Foundation has published a report showing the SSL certificate industry has been ignoring policies and signing tens of thousands of invalid certificates.
View ArticleGoogle blacklists 247 certificates. Is it related to DigiNotar hacking incident?
Google has blacklisted over 200 certificates seemingly related to the DigiNotar hacking incident. What is the full extent of this breach, and who else may have been targeted?
View ArticleGlobalSign stops issuing SSL certificates in response to Iranian hacker
Digital certificate authority GlobalSIgn, the fifth largest issuer of SSL certificates, ceased signing new certificates today after accusations by an Iranian hacker that they are compromised.
View ArticleGinMaster, unwanted Android apps and legit apps gone bad
More coverage from the Virus Bulletin 2013 Conference in Berlin, Germany. Today's topics include Android botnets, malware abusing legitimate applications and defining the types of apps we allow on our...
View ArticleFirefox 32.0 fixes holes, shakes out some old SSL certs, introduces...
Yesterday was Firefox's Fortytwosday (updates come out every 42 days, on Tuesdays, in a nod to Douglas Adams), bringing us to Firefox 32.0. There are also two Extended Support Releases for the more...
View ArticleCar parking apps vulnerable to man-in-the-middle attacks
The next time you need to pay for parking, it might be best to have a handful of coins ready for the meter.
View ArticleAmazon: update your old Kindles or you’ll be cut off from the store
If you don't get the update on or before Tuesday, 22 March 2016, you'll be blocked from accessing the Kindle Store and downloading e-books.
View ArticleIt’s the final countdown for SHA-1 SSL certificates
Apple, Microsoft, Google and Mozilla finally set roadmaps for deprecating SSL certificates still using SHA-1
View ArticleRift keels over after Oculus forgets to renew security certificate
Users got an unwelcome dose of non-virtual reality: “Can’t reach Oculus Runtime Service”
View Article
More Pages to Explore .....