Coming conundrum: Malware signed by a legitimate developer

  • Thread starter: illumination
Status
Not open for further replies.
illumination

Thread author
Cyber criminals are stealing code-signing certificates, allowing their malware to get by some defenses...
Read More
 
Valentin N said:
thewolfsmith72 said:
Cyber criminals are stealing code-signing certificates, allowing their malware to get by some defenses...
Read More

This might be a problem for comodo.

But if so, for how long? The only way around it now is having HIPS turned to paranoid, correct? In v6, we have full virtualization, and Local BB coming, so surely when BB thinks something is wrong, it throws it to Sandbox? There should be a way for it to work, if you know what I mean, so all Signed stuff is just not allowed to run its course fully??

Discuss... :P

Thanks for the link by the way, been meaning to get into a talk/debate about this.
 
There are quite a few problems with certs - the two largest being:
1) That you are putting trust into CAs, which essentially sell that trust to whoever's willing to pay (it is deadly easy to get a cert from certain CAs).

2) CAs aren't protecting their certs, which means hackers can... hack them.

The issue is... why do we trust CAs? Who's auditing them? Who's saying the CAs are legit?

Furthermore, certs have only ever been used as pure whitelisting. Is it certified? Grant it full access. They should be used as indicators and not 100% trusted identifiers.
 
Valentin N said:
thewolfsmith72 said:
Cyber criminals are stealing code-signing certificates, allowing their malware to get by some defenses...
Read More

This might be a problem for comodo.

This could develop into a problem that affects all security products that use whitelisting, and also the digital checker on Windows OS when you run an executable file.

I don't think this issue is widespread, but it could be the next major vulnerability affecting security products that rely on whitelists as the primary source of detection. (This includes a lot of AVs and firewalls.)

Thanks. :D
 