Security researcher Mikko Hypponen reports finding a piece of malicious software that was cryptographically signed by a forged Adobe certificate originating with Government of Malaysia: Malaysian Agricultural Research and Development Institute, whose signing certificate was "stolen quite some time ago."
There are several hundred parties that are trusted by OSes, browsers and software to issue certificates, from Verisign to many national governments. A computer receiving a software update signed by a forged certificate will not be able to tell that there's anything funny about the update, but installing such an update could result in a thoroughly compromised computer.
I've been hearing persistent reports of this from security researcher friends, including reports of signed malware that can take over mobile phones and computers, compromising them so that their cameras and mics can be operated covertly, their keystrokes logged, their files plundered, etc. And the worst thing is, if you don't install updates, you can end up with security vulnerabilities that leave your computer liable to takeover by malware that does just the same thing.
Malware Signed With a Governmental Signing Key
Though India’s independent telcoms regulator has banned services like Facebook’s “Free Basics” — which bribed phone companies to exempt Facebook’s chosen services from the carriers’ punishing data-caps — the debate rages on, as Free Basics has taken hold through many poor countries around the world.
“HondAnonymous” is a commenter on Jalopnik, a Gawker site about cars, who claims to work at Honda’s R&D facility.
In 1996, in the midst of the Clinton administration’s attack on the Internet and cryptography, Grateful Dead lyricist and EFF co-founder John Perry Barlow sat down in Davos, Switzerland, where he’d been addressing world leaders on the subject of the Internet and human rights, and wrote one of net-culture’s formative documents: The Declaration of Independence […]
If you’ve been blessed enough to avoid them yourself, you’ve definitely heard the horror stories. Late night, crushing out a ton of work, writing, coding, anything, then boom – your computer crashes. The battery blows, you spill water or coffee all over the place, or it just shuts down with no explanation, and you’re screwed. […]
You travel around a lot. It might be that jet set life from New York to LA to London to Tokyo, or it might be back and forth from the coffee shop to the office, or from the kitchen to the couch. Any which way, you’re mobile and that’s the way to live. When you […]
It’s 2016 and we like our technology really small. Our phones fit in our pockets, our remotes are lighter than ever, and even our cars seem to be shrinking. So your new drone shouldn’t be an exception. This Axis VIDIUS Drone is 21% off right now and it’s so little, your biggest problem won’t be […]