Infosecurity.US

Information Security & Occasional Forays Into Adjacent Realms

  • Web Log

Blunderific →

September 24, 2015 by Marc Handelman in Blatant Stupidity

Really has to be read to beleive it... This weeks' evidence that stupidity is most certainly alive and well in the network hardware business points to the geniuses at D-Link and their publishing of the company's code-signing key - publicly.

"The key expired earlier this month, but Klijnsma said that any software that was signed before the expiration date will continue to be accepted as a legitimate D-Link release. He said the key is accepted by Microsoft Windows code-signing requirements and appears to be accepted by Apple's OS X as well. The security analyst said he has reported the leaked key to officials at Symantec, the security firm that oversees the certificate authority that validated the D-Link key, in hopes of getting it revoked. It's unclear if or when that revocation may happen." - via Ars Technica's Dan Goodin

September 24, 2015 /Marc Handelman
Blatant Stupidity
  • Newer
  • Older