zlacker

[return to "Leaked stolen Nvidia cert can sign Windows malware"]
1. bratwu+B8[view] [source] 2022-03-05 11:29:23
>>Zuider+(OP)
Hmmm maybe i should keep windows offline for a few days…..
◧◩
2. gchamo+x9[view] [source] 2022-03-05 11:35:23
>>bratwu+B8
I always use opportunities like this to experiment with whatever workflow I have on Linux to see what state it's at. I just game on Windows and do work on Linux so for me the transition is always quite simple: just install what you want on Steam/lutris and compare performance.

Last time I was starting vanishing of Ethan Carter, but even though it was playable, the experience wasn't free of stutters, whereas windows ran flawlessly.

In any case, it is always nice to jump back and check out how far Linux has come.

◧◩◪
3. Genbox+Td[view] [source] 2022-03-05 12:16:32
>>gchamo+x9
A stolen code signing certificate affect Linux in the same capacity as Windows.

I'm of course ignoring the fact that a lot of Linux distros still do not have Secure Boot enabled by default, and therefore do not enforce any kernel driver signing policy.

◧◩◪◨
4. gchamo+Nw[view] [source] 2022-03-05 14:48:46
>>Genbox+Td
Aren't Linux packages signatures verified upon delivery with gpg keys? Whereas windows verifies them upon installation.

Can the same certificate be used to cause supply chain attacks?

[go to top]