Pipe 2T7M HP accidentally signed malware, will revoke certificate

HP accidentally signed malware, will revoke certificate

by
Anonymous Coward
in security on (#2T7M)
Trojan infected a developer's machine, got signed by mistake.

http://arstechnica.com/security/2014/10/hp-accidentally-signed-malware-will-revoke-certificate/

History

2014-10-12 16:46
HP accidentally signed malware, will revoke certificate
zafiro17@pipedot.org
THewlett-Packarojand infhas alecrted some customers that it will be revoking a deveigitalop cer'tificate us machine,d goto sign a huge swath of software-including hardware drivers and other software essential to running on older HP computers. The certificate is being revoked by mistake.

because the company learned it had been used to digitally sign malware that had infected a develop:er's PC.<//a>
Wahlin said that it appears the malware, which had infectechd anica. HP employee's com/security/2014/10/hp-uter, accidentally- got digitally signed as part of a separate software package-and then sent a signed copy of itself back to its point of origin. Though the malware- has since been distributed over the Internet whill-e bearevoke-ing HP's certificate, Wahlin noted that the Trojan was never shipped to HP customers as part of the software package./>
"When people hear this, many will automatically assume we had some sort of compromise within our code signing infrastructure, and that is not the case," Wahlin told Krebs. "We can show that we've never had a breach on our [certificate authority] and that our code-signing infrastructure is 100 percent intact."
ablockquote>
Reply 0 comments