Digital Signature Hacks

[Guest]

[DonZ]

Now that digital signatures have been hacked in the wild, I am curious as to Comodo's response to this.

I am specifically concerned about Comodo's CIS "whitelisting" capability. I assume they use digitial signatures in this feature to verifiy applications?

In particular does Defense+ use digital signatures to verify "safe" applications?

[SiberLynx]

Now that digital signatures have been hacked in the wild, I am curious as to Comodo's response to this.

I am specifically concerned about Comodo's CIS "whitelisting" capability. I assume they use digitial signatures in this feature to verifiy applications?
In particular does Defense+ use digital signatures to verify "safe" applications?

Hi DonZ ,
Please read this & below & some other threads re:the matter  
https://forums.comodo.com/general-discussion-off-topic-anything-and-everything/why-cis-premium-is-superior-t57616.0.html;msg404852#msg404852

Many new "funny" things are coming  ... rest assured

Cheers!

[DonZ]

Perhap Melih didn't see this: http://www.sophos.com/blogs/sophoslabs/?p=10078

[SiberLynx]

Perhap Melih didn't see this: http://www.sophos.com/blogs/sophoslabs/?p=10078

Thanks for the reply, DonZ

Well, I am sure Melih have seen that already  ... but anyway thanks for the link

It's just interesting that questioning of "dig sigs" & creating huge trusted list  was done way & long before ... but 

Cheers!

[Melih]

unfortunately Verisign (and Equifax, which is also a Verisign owned Root Key under Geotrust) are notoriously slow at responding. just check www.ccssforum.com malware section to see...

Melih

[Tags:]