On 2/6/2010 7:04 AM, Eddy Nigg wrote:
Isn't it about time that extensions and applications get signed with
verified code signing certificates? Adblock Plus is doing for a while
now I think, perhaps other should too?
Because this isn't really comforting:
On 2/6/2010 8:08 AM, David E. Ross wrote:
On 2/6/2010 7:04 AM, Eddy Nigg wrote:
Isn't it about time that extensions and applications get signed with
verified code signing certificates? Adblock Plus is doing for a while
now I think, perhaps other should too?
Because this isn't really
I don't think it would have made a tremendous difference here. One of
them was likely infected accidentally (only one version of the addon
contained malware and the developer is actively communicating with
us). Code signing doesn't prevent malicious code from being inserted
into an
On 06/02/2010 15:04, Eddy Nigg wrote:
Isn't it about time that extensions and applications get signed with
verified code signing certificates? Adblock Plus is doing for a while
now I think, perhaps other should too?
I don't know if more details are available than have been published so
far,
On 02/06/2010 08:30 PM, Lucas Adamski:
I don't think it would have made a tremendous difference here. One of
them was likely infected accidentally (only one version of the addon
contained malware and the developer is actively communicating with us).
In this case perhaps - in another case
On 02/06/2010 08:42 PM, Michael Lefevre:
On 06/02/2010 15:04, Eddy Nigg wrote:
Isn't it about time that extensions and applications get signed with
verified code signing certificates? Adblock Plus is doing for a while
now I think, perhaps other should too?
I don't know if more details are
On 06/02/2010 19:47, Eddy Nigg wrote:
But I guess you would think twice to sign (malicious) code with your
name - any code for that matter.
How hard is it to sign it with a cert you bought with a stolen credit
card number, using the name from the card ?
A 50$ code signing certificate just
On 02/06/2010 10:58 PM, Jean-Marc Desperrier:
On 06/02/2010 19:47, Eddy Nigg wrote:
But I guess you would think twice to sign (malicious) code with your
name - any code for that matter.
How hard is it to sign it with a cert you bought with a stolen credit
card number, using the name from the