[Fed-Talk] McAfee certificate
[Fed-Talk] McAfee certificate
- Subject: [Fed-Talk] McAfee certificate
- From: Todd Heberlein <email@hidden>
- Date: Fri, 15 Feb 2013 09:16:04 -0800
Wasn't sure if this has already been posted, but thought it would be important (and has a few implications). Even though I deal in security every day, I still find it a pain in the butt, especially when dealing with cryptography stuff. (Reviewing the President's new executive order today).
A world of hurt after McAfee mistakenly revokes key for signing Mac apps Just allow untrusted certificates, one customer told.
A McAfee administrator accidentally revoked the digital key used to certify desktop applications that run on Apple's OS X platform, creating headaches for customers who want to install or upgrade Mac antivirus products. Oops.
Asked why applications haven't been signed a week after the key was revoked, Bryan said the error was discovered only two days ago. In addition to generating a new key, engineers must also rebuild and resign applications and then perform quality-assurance testing to make sure the updated programs work properly. He didn't immediately have an estimate for when the problem would be resolved.
Interesting that it took about 5 days before McAfee discovered the problem. I wonder why it wasn't discovered earlier?
Last week, a private key that security firm Bit9 uses to certify software was stolen by crooks and used to put a trusted seal of approval on malware that infected at least three Bit9 customers. A widely trusted key-signing certificate belonging to Adobe Systems wassimilarly compromised in September.
Hmmm... I'm feeling the need to get a new key+certificate.
Todd
|
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden