RSS feed Get our RSS feed

News by Topic

Protecting Your Code Updates: How to Defend Against SSL Spoofing Attacks


It is an axiom of computer security that users have to trust some aspects of the system. Yet developers of many essential software applications fail to take simple measures to validate that trust.

Code signing certificates are the standard for providing proof of origin for an executable software program. It is common for malicious software to masquerade as legitimate, and code signing has long been a way to protect against this threat. Many of the most sophisticated software companies rely on code signing, and for good reason. The liability and embarrassment that result from a compromise of the update process are devastating for a software vendor.

New research describes attacks against SSL that create opportunities to compromise the update processes of unsigned software. This paper will show how code signing works, how attacks can be mounted against unsigned software, (including autoupdate software), and how real-world signing systems protect software vendors, enterprises and end users.

Tags : verisign, ssl spoofing attack, code protection, security, code signing certificates, malicious software
 Email this page
Published:  Feb 10, 2011
Length:  16
Type:  White Paper