zlacker

[return to "Leaked stolen Nvidia cert can sign Windows malware"]
1. pintxo+k8[view] [source] 2022-03-05 11:26:02
>>Zuider+(OP)
If a corp like Nvidia cannot manage to store Code signing certs on hardware only, the whole process is broken beyond repair. What’s the value of signed code going forward?
◧◩
2. Genbox+9f[view] [source] 2022-03-05 12:27:22
>>pintxo+k8
There is a hint of frequency illusion here. Millions of code signing certificates are stored securely on hardware devices or by other means. A leak of a private key every now and then does not negate the security of the entire ecosystem.
◧◩◪
3. pintxo+Nj[view] [source] 2022-03-05 13:08:32
>>Genbox+9f
Is there any proof that most others store their certificates on hardware?
◧◩◪◨
4. native+2V[view] [source] 2022-03-05 17:22:03
>>pintxo+Nj
I bought a Windows EV code signing cert just months ago. It comes in the form of a password protected USB token.
[go to top]