digital signature

(get it in RSS or Atom)

Mozilla fixes "phishing friendly" cryptographic bug in Firefox and Thunderbird


Mozilla just patched a bug in its cryptographic library, NSS.

The bug is rated "critical" because it could permit skullduggery in apparently secure connections.

Android "FakeID" security hole causes a pre-BlackHat stir

Seems that a rogue Android app can get more privileges than it deserves simply by saying that someone trustworthy has vouched for it.

It's been dubbed the "FakeID" hole...

Rooting SIM cards - BlackHat speaker says he may be able to "own your phone" with a text message


Mobile security researcher Karsten Nohl says he'll explain at the BlackHat conference how he can remotely "own" mobile phones with a single text message.

Paul Ducklin looks at what Nohl has said so far, and ponders how hard this might be to sort out...

Inside the "PlugX" malware with SophosLabs - a fascinating journey into a malware factory...


Join SophosLabs Principal Researcher Gabor Szappanos as he takes you on a fascinating journey into the latest "product" from the PlugX malware factory.

Targeted malware attack piggybacks on Nvidia digital signature


Gabor Szappanos from SophosLabs takes a detailed examination of a targeted attack involving multiple stages and an innocent signed application - from the social engineering in the initial lure, to the technical capabilities of the malware it delivers.

The TURKTRUST SSL certificate fiasco - what really happened, and what happens next?

The TURKTRUST SSL certificate fiasco - what happened, and what happens next?

Was the TURKTRUST SSL fiasco an abortive attempt at secret surveillance, or a blundering crisis of convenience?

Paul Ducklin takes stock of the situation...