Matsuda Posted October 10, 2014 Share Posted October 10, 2014 Trojan infected a developer's machine, got signed by mistake.Hewlett-Packard has alerted some customers that it will be revoking a digital certificate used to sign a huge swath of software—including hardware drivers and other software essential to running on older HP computers. The certificate is being revoked because the company learned it had been used to digitally sign malware that had infected a developer’s PC.An HP executive told security reporter Brian Krebs that that the certificate itself wasn’t compromised. HP Global Chief Information Security Officer Brett Wahlin said that HP had recently been alerted to the signed malware—a four-year old Windows Trojan—by Symantec.Wahlin said that it appears the malware, which had infected an HP employee's computer, accidentally got digitally signed as part of a separate software package—and then sent a signed copy of itself back to its point of origin. Though the malware has since been distributed over the Internet while bearing HP's certificate, Wahlin noted that the Trojan was never shipped to HP customers as part of the software package.“When people hear this, many will automatically assume we had some sort of compromise within our code signing infrastructure, and that is not the case,” Wahlin told Krebs. “We can show that we’ve never had a breach on our [certificate authority] and that our code-signing infrastructure is 100 percent intact.”Regardless of the cause, the revocation of the affected certificate will require HP to re-issue a large number of software packages with a new digital signature. While the certificate drop may not affect systems with the software already installed, users will be alerted to a bad certificate if they attempt to re-install software from original media.The full impact of the certificate revocation won’t be known until after Verisign revokes the certificate on October 21, Wahlin said.Original Article Link to comment Share on other sites More sharing options...
oliverjia Posted October 10, 2014 Share Posted October 10, 2014 FUK these stupid morons. Link to comment Share on other sites More sharing options...
software182 Posted October 10, 2014 Share Posted October 10, 2014 Any refund for this :shit: ? :p :lol: Link to comment Share on other sites More sharing options...
rudrax Posted October 11, 2014 Share Posted October 11, 2014 What's the evac procedure? Link to comment Share on other sites More sharing options...
Luaine Posted October 11, 2014 Share Posted October 11, 2014 :fool: Link to comment Share on other sites More sharing options...
SPECTRUM Posted October 11, 2014 Share Posted October 11, 2014 accidentally or intentionally ? xD Link to comment Share on other sites More sharing options...
VIIZ Posted October 11, 2014 Share Posted October 11, 2014 lol :lmao: Link to comment Share on other sites More sharing options...
212eta Posted October 12, 2014 Share Posted October 12, 2014 HP = Hardly Perfect... :rolleyes: Link to comment Share on other sites More sharing options...
funkyy Posted October 13, 2014 Share Posted October 13, 2014 HP = High Price :angry: Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.