Security researcher Mikko Hypponen reports finding a piece of malicious software that was cryptographically signed by a forged Adobe certificate originating with Government of Malaysia: Malaysian Agricultural Research and Development Institute, whose signing certificate was "stolen quite some time ago."
There are several hundred parties that are trusted by OSes, browsers and software to issue certificates, from Verisign to many national governments. A computer receiving a software update signed by a forged certificate will not be able to tell that there's anything funny about the update, but installing such an update could result in a thoroughly compromised computer.
I've been hearing persistent reports of this from security researcher friends, including reports of signed malware that can take over mobile phones and computers, compromising them so that their cameras and mics can be operated covertly, their keystrokes logged, their files plundered, etc. And the worst thing is, if you don't install updates, you can end up with security vulnerabilities that leave your computer liable to takeover by malware that does just the same thing.
Malware Signed With a Governmental Signing Key
China’s Internet censors are capricious and impossible to predict — but this isn’t because China’s censors are incompetent, rather, they’re tapping into one of the most powerful forms of conditioning, the uncertainty born of intermittent reinforcement.
Rogue archivist Carl Malamud writes, “In 1993, I started a radio station on the Internet, engaging in activities that later became known as podcasting and webcasting. I’m pleased to say that I’ve finished uploaded the archive of Internet Talk Radio to the Internet Archive.”
Brett Bobley writes, “‘Hypertext: an Educational Experiment in English and Computer Science at Brown University’ is an amazing documentary film from 1976 made by Brown University computer scientist Andries ‘Andy’ van Dam.”
Why buy one of those expensive and confusing universal remotes, clogged with enough buttons to launch a space shuttle, when you could accomplish the same electronic control right on your favorite mobile device? The Blumoo Universal Remote, now just $52.99 in the Boing Boing Store, harnesses the audio power of all your household equipment right […]
You may not love Microsoft Word, but you’ve definitely used it. Other than being one of the most ubiquitous programs on the planet, it’s been the go-to word processing system for more than a quarter-century because it’s as basic as it gets. But occasionally, you’ve got assignments that beg for a lot more options than simple […]
Almost everyone has their smartphone in a case of one kind or another. Beyond simple protection, finding a case that can charge your phone on its own, but doesn’t feel like it’s also adding a couple pounds to the phone’s weight is the tricky part. Billed as the world’s thinnest battery case, the ThinCharge iPhone […]