This time around it's HP: http://arstechnica.com/security/2014/10/hp-accidentally-signed-malware-will-revoke-certificate/
With a twist: the CA itself was not compromised. One of the computers trusted with code signing had become infected with a bit of malware that got itself signed with a HP key and then shipped itself back to the distributor. It's been in the wild in its signed formed for the past four years.
-- Rich P. _______________________________________________ Discuss mailing list [email protected] http://lists.blu.org/mailman/listinfo/discuss
