- From: Noah Mendelsohn <nrm@arcanedomain.com>
- Date: Wed, 10 Dec 2014 11:43:35 -0500
- To: "www-tag@w3.org" <www-tag@w3.org>
Another anecdote for the TAG to consider as it wrestles with issues relating to identity, security and the switch to HTTPs: http://threatpost.com/new-version-of-destover-malware-signed-by-stolen-sony-certificate/109777 In short, hackers (famously) arranged a massive penetration of Sony's network. While there, they apparently stole copies of the keys needed to sign software for use with Sony's CA-authorized certificate, and...they went and signed a version of the very software they had used to achieve the breakin in the first place. Noah
Received on Wednesday, 10 December 2014 16:44:00 UTC