On Mon, Feb 11, 2013 at 8:49 PM, Kevin W. Wall <[email protected]> wrote:
> [Full-disclosure: I am not a Bit9 customer; I just get their
> spam^H^H^H^H, er, informative product emails, thanks to a colleague
> who signed me up for their mailing list.]
>...
There were two code signing certificate failures over the past week:
"Digital certificates and malware: a dangerous mix,"
http://blog.malwarebytes.org/intelligence/2013/02/digital-certificates-and-malware-a-dangerous-mix/.
This one looks like a result of race to the bottom.

> What no one seems to be questioning in the first place is why
> Bit9 had a *central* code-signing key used to white-list all
> the applications in the first place. That pretty much set them
> up to be a primary target.
Their model likely protects their revenue stream.

I also wondered about their processes. Is the private key in an HSM?
Or is it Sneaker-Net'd to a dedicated machine in an appropriate
security boundary when needed? Or is it left online all the time,
without a security boundary....

> So am I totally off base here in thinking that Bit9 would have better
> off requiring that their customers generate their own key pairs? If
> so, I'd like to know why.
Their model likely protects their revenue stream.

Jeff
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography

Reply via email to