Security researcher Mikko Hypponen reports finding a piece of malicious software that was cryptographically signed by a forged Adobe certificate originating with Government of Malaysia: Malaysian Agricultural Research and Development Institute, whose signing certificate was "stolen quite some time ago."
There are several hundred parties that are trusted by OSes, browsers and software to issue certificates, from Verisign to many national governments. A computer receiving a software update signed by a forged certificate will not be able to tell that there's anything funny about the update, but installing such an update could result in a thoroughly compromised computer.
I've been hearing persistent reports of this from security researcher friends, including reports of signed malware that can take over mobile phones and computers, compromising them so that their cameras and mics can be operated covertly, their keystrokes logged, their files plundered, etc. And the worst thing is, if you don't install updates, you can end up with security vulnerabilities that leave your computer liable to takeover by malware that does just the same thing.
Malware Signed With a Governmental Signing Key
Google is downranking websites that use pejorative, racist terms like n*gger, so the awful people of 4chan and /pol/ are replacing that word with “google.”
It’s been more than 20 years since the publication of Making Book, Teresa Nielsen Hayden’s collection of essays, mostly drawn from the pre-online days of fanzines and letters columns; this year, in honor of Teresa’s stint as Fan Guest of Honor at Midamericon II, the 74th World Science Fiction Convention, NESFA Press has published a second volume: Making Conversation, a collection of essays drawn from the online world on subjects as varied as moderation and trolling, cooking, hamster-rearing, fanfic, narcolepsy, the engineering marvels of the IBM Selectric, and more.
Someone — possibly the government of China — has launched a series of probing attacks on the internet’s most critical infrastructure, using carefully titrated doses of denial-of-service to precisely calibrate a tool for shutting down the whole net.
CloudPress is a responsive WordPress theme builder that allows you to create a whole site in less than 30 minutes. CloudPress comes with tools like pre-built headers, content blocks, and footers—all you have to do is pick what you like, and drag and drop. With your subscription, you get access to 13 professionally designed WordPress themes, over 80 […]
If you own a dog, you’ve most likely heard of BarkBox – the monthly subscription box for dogs. What started as a simple idea to try out the subscription model on pet owners has since developed a cult following of dog lovers. If you haven’t given it a try yet, this one month free deal is the […]
With the iPhone headphone jack having gone by the wayside, we’re excited about the addition of the FRANKLIN Bluetooth Headphones in our store. These headphones are foldable so they’re easy to carry around, but most importantly, they pack impressive sound. Our biggest struggle with Bluetooth headphones is the worry of them dying at the worst moment. This pair lasts an impressive 8-10 […]