Microsoft has released an emergency update for Windows, revoking digital certificates that could be used to impersonate the Windows Update security service. The Flame malware exploited flaws related to this vulnerability realizing concerns that Windows Update might be compromised to distribute malware.
Digital certificate authority GlobalSIgn, the fifth largest issuer of SSL certificates, ceased signing new certificates today after accusations by an Iranian hacker that they are compromised.
I spent some time last week looking into the digital signature involved with the recent zero day malware targeting Adobe Reader. Similar to the Stuxnet situation, Verisign has revoked the signing certificate used to sign the payload associated with this Read more…