On Mon, Feb 11, 2013 at 8:49 PM, Kevin W. Wall <[email protected]> wrote: > [Full-disclosure: I am not a Bit9 customer; I just get their > spam^H^H^H^H, er, informative product emails, thanks to a colleague > who signed me up for their mailing list.] >... There were two code signing certificate failures over the past week: "Digital certificates and malware: a dangerous mix," http://blog.malwarebytes.org/intelligence/2013/02/digital-certificates-and-malware-a-dangerous-mix/. This one looks like a result of race to the bottom.
> What no one seems to be questioning in the first place is why > Bit9 had a *central* code-signing key used to white-list all > the applications in the first place. That pretty much set them > up to be a primary target. Their model likely protects their revenue stream. I also wondered about their processes. Is the private key in an HSM? Or is it Sneaker-Net'd to a dedicated machine in an appropriate security boundary when needed? Or is it left online all the time, without a security boundary.... > So am I totally off base here in thinking that Bit9 would have better > off requiring that their customers generate their own key pairs? If > so, I'd like to know why. Their model likely protects their revenue stream. Jeff _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
