Collaborate Disseminate
The misuse of code signing certificates is so widespread that a larger percentage of malware downloaded to computers is digitally signed than that of benign software programs. Antivirus company Trend Micro studied 3 million software downloads on hundr… Continue reading Large Percentage of Malware Downloads Are Signed with Valid Certificates
I published the following diary on isc.sans.org: “Proactive Malicious Domain Search“: In a previous diary, I presented a dashboard that I’m using to keep track of the DNS traffic on my networks. Tracking malicious domains is useful but what if you could, in a certain way, “predict” the upcoming domains
[The post [SANS ISC] Proactive Malicious Domain Search has been first published on /dev/random]
Continue reading [SANS ISC] Proactive Malicious Domain Search
I published the following diary on isc.sans.org: “Keep An Eye on your Root Certificates“. A few times a year, we can read in the news that a rogue root certificate was installed without the user consent. The latest story that pops up in my mind is the Savitech audio drivers
[The post [SANS ISC] Keep An Eye on your Root Certificates has been first published on /dev/random]
Continue reading [SANS ISC] Keep An Eye on your Root Certificates
Savitech provides USB audio drivers for a number of specialized audio products. Some versions of the Savitech driver package silently install a root CA certificate into the Windows trusted root certificate store. Continue reading VU#446847: Savitech USB audio drivers install a new root CA certificate
Savitech provides USB audio drivers for a number of specialized audio products. Some versions of the Savitech driver package silently install a root CA certificate into the Windows trusted root certificate store. Continue reading VU#446847: Savitech USB audio drivers install a new root CA certificate
We took the most popular dating apps and analyzed what sort of user data they were capable of handing over to criminals and under what conditions. Continue reading Dangerous liaisons
Certificate Transparency and OCSP Must-Staple can’t get here fast enough. Continue reading HTTPS Certificate Revocation is broken, and it’s time for some new tools
Chrome to immediately stop recognizing EV status and gradually nullify all certs. Continue reading Google takes Symantec to the woodshed for mis-issuing 30,000 HTTPS certs [updated]
We take a look at what DNSSEC is and why we need it. Plus an overview of how far the implementation has progressed in the Netherlands based on a SIDN report.
Categories:
Security world
Technology
Tags: authenticationcertificatednssecdomain name secur… Continue reading DNSSEC: why do we need it?
It’s funny, how obsessed we are with qualifications these days. Kids go to school and are immediately thrust into a relentless machine of tests, league tables, and exams. They are ruthlessly judged on grades, yet both the knowledge and qualifications those grades represent so often boil down to relatively useless pieces of paper. It doesn’t even end for the poor youngsters when they leave school, for we are now in an age in which when on moving on from school a greater number of them than ever before are expected to go to university. They emerge three years later carrying …read more
