Firefox 32.0 fixes holes, shakes out some old SSL certs, introduces certificate pinning

Yesterday was Firefox's Fortytwosday (updates come out every 42 days, on Tuesdays, in a nod to Douglas Adams), bringing us to Firefox 32.0.

There are also two Extended Support Releases for the more conservative amongst us...

GinMaster, unwanted Android apps and legit apps gone bad


More coverage from the Virus Bulletin 2013 Conference in Berlin, Germany. Today's topics include Android botnets, malware abusing legitimate applications and defining the types of apps we allow on our phones.

GlobalSign stops issuing SSL certificates in response to Iranian hacker


Digital certificate authority GlobalSign, the fifth largest issuer of SSL certificates, ceased signing new certificates today after accusations by an Iranian hacker that they are compromised.

Google blacklists 247 certificates. Is it related to DigiNotar hacking incident?


Google has blacklisted over 200 certificates seemingly related to the DigiNotar hacking incident. What is the full extent of this breach, and who else may have been targeted?

EFF uncovers further evidence of SSL CA bad behavior


The Electronic Frontier Foundation has published a report showing the SSL certificate industry has been ignoring policies and signing tens of thousands of invalid certificates.

Are signed files safer than others?

Mike Wood of SophosLabs Vancouver presented "Want my autograph? The use and abuse of digital signatures by malware" at the 2010 Virus Bulletin conference. Mike's talk was focused on the trust that people and technology put into certificates and how Read more…

Certified uncertainty

Just when we thought we understood what was happening with the Stuxnet rootkit, the plot thickens. As I reported in my original story, the rootkit component and several other pieces were signed with a legitimate digital certificate from Realtek Semiconductor. Read more…

Microsoft updates trusted root certs to include Startcom

This week, while I was away at Virus Bulletin, Microsoft released an update to the root certificates they include for Windows and Internet Explorer. On its own this is not noteworthy, but I have been meaning to blog about this Read more…