Security researcher Mikko Hypponen reports finding a piece of malicious software that was cryptographically signed by a forged Adobe certificate originating with Government of Malaysia: Malaysian Agricultural Research and Development Institute, whose signing certificate was "stolen quite some time ago."
There are several hundred parties that are trusted by OSes, browsers and software to issue certificates, from Verisign to many national governments. A computer receiving a software update signed by a forged certificate will not be able to tell that there's anything funny about the update, but installing such an update could result in a thoroughly compromised computer.
I've been hearing persistent reports of this from security researcher friends, including reports of signed malware that can take over mobile phones and computers, compromising them so that their cameras and mics can be operated covertly, their keystrokes logged, their files plundered, etc. And the worst thing is, if you don't install updates, you can end up with security vulnerabilities that leave your computer liable to takeover by malware that does just the same thing.
Malware Signed With a Governmental Signing Key
Most Facebook users have no idea how the company tracks and profiles everything they do to target ads, a new Pew Research study confirms.
Federal agents today arrested a man in Georgia who they say was planning an attack with weapons and explosives on the White House, the Washington Monument, and the Lincoln Memorial in Washington, DC.
Noah Rotem got an intriguing error message from El Al's reservation system ("PNR: https://fly.elal.co.il/LOTS-OF-NUMBERS-HERE*) and by tugging at the loose thread it revealed, he was able to view any "Passenger Name Record" in El Al's system, allowing him to "make changes, claim frequent flyer miles to a personal account, assign seats and meals, and update […]
These days, there isn’t much our iPhone camera can’t do – except feel like an actual phone. Despite years of steadily increasing resolution and image sensing technology, we’re still taking shots awkwardly with two hands, fumbling for the shutter button. Leave it to an avid photographer to design Shuttercase, a versatile iPhone case that solves […]
Still determined to keep those New Year’s health resolutions? If you’re going to stick with the exercise plan, it’s enough of a challenge to budget your time. No need for your financial budget to take a hit, too. Here’s a more convenient – and cheaper – alternative to a gym membership or Peloton bike: Two […]
Want a career in web design? It’s true that these days, most anyone can throw up a page or two. But for true workhorse web design, you’ll sometimes need to match the platform to the project. Enter the Complete Front-End Developer Bundle, an educational grand tour around the best tools for the web. For beginners, […]