Cookie policy: This site uses cookies (small files stored on your computer) to simplify and improve your experience of this website. Cookies are small text files stored on the device you are using to access this website. For more information on how we use and manage cookies please take a look at our privacy and cookie policies. Some parts of the site may not work properly if you choose not to accept cookies.

sections
Home > VeriSign > Protecting Your Code Updates: How to Defend Against SSL Spoofing Attacks
 

Protecting Your Code Updates: How to Defend Against SSL Spoofing Attacks

White Paper Published By: VeriSign
VeriSign
Published:  Feb 10, 2011
Type:  White Paper
Length:  16 pages

It is an axiom of computer security that users have to trust some aspects of the system. Yet developers of many essential software applications fail to take simple measures to validate that trust.

Code signing certificates are the standard for providing proof of origin for an executable software program. It is common for malicious software to masquerade as legitimate, and code signing has long been a way to protect against this threat. Many of the most sophisticated software companies rely on code signing, and for good reason. The liability and embarrassment that result from a compromise of the update process are devastating for a software vendor.

New research describes attacks against SSL that create opportunities to compromise the update processes of unsigned software. This paper will show how code signing works, how attacks can be mounted against unsigned software, (including autoupdate software), and how real-world signing systems protect software vendors, enterprises and end users.



Tags : 
verisign, ssl spoofing attack, code protection, security, code signing certificates, malicious software