Be the first to like this
Adobe’s code-signing infrastructure got hacked and now you have to worry about some really bad software out there that your computers will think are valid, safe applications from Adobe. One of them is …
Adobe’s code-signing infrastructure got hacked and now you have to worry about some really bad software out there that your computers will think are valid, safe applications from Adobe. One of them is pwdump which gets Windows passwords. Ever since Flame, Randy Franklin Smith from Ultimate Windows Security, has been saying that if Microsoft’s update infrastructure got hacked, it was only be a matter of time before another vendor’s did too. And that’s what this is all about. The methods are different, but both boil down to exploiting mistakes Microsoft and Adobe made in their PKI used to sign code. The reason this is so impactful to an organization, is that it allows the bad guys to trick your systems into running malicious code that looks like it came from Adobe – but you get that right? It really stinks though because no matter how good you maintain your systems, you are still at the mercy of the security of your software vendors.
Download this presentation to learn:
• How can you stop this particular threat?
• How can you deploy some strategic technologies and controls to address the risk of compromised code signatures and vendor update infrastructures?
• How can you preemptively control your exposure to the mistakes of your software vendors and/or when they get hacked? (In all fairness no one is safe from getting breached.)