zlacker

[return to "Leaked stolen Nvidia cert can sign Windows malware"]
1. pintxo+k8[view] [source] 2022-03-05 11:26:02
>>Zuider+(OP)
If a corp like Nvidia cannot manage to store Code signing certs on hardware only, the whole process is broken beyond repair. What’s the value of signed code going forward?
◧◩
2. keving+Bw[view] [source] 2022-03-05 14:48:09
>>pintxo+k8
https certificates leak all the time and we still use https. Something is better than nothing. Now, is it worthwhile to use code signing certs to try and certify the identity of the author? Maybe not, it was slowly phased out for https. But we certainly need something because the alternative (just download and run whatever) was tried and definitely did not work out. We don't want grandma doing the equivalent of 'curl http://x | sudo bash' 4 times a week.
◧◩◪
3. hulitu+PS[view] [source] 2022-03-05 17:11:30
>>keving+Bw
> We don't want grandma doing the equivalent of 'curl http://x | sudo bash' 4 times a week.

That's why we have web browsers running untrusted remote code.

[go to top]