Author Topic: When a Signed Java JAR file is not Proof of Trust  (Read 10336 times)

0 Members and 1 Guest are viewing this topic.

March 05, 2013, 07:07:27 pm
Read 10336 times

SysAdMini

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 3335
http://eromang.zataz.com/2013/03/05/when-a-signed-java-jar-file-is-not-proof-of-trust/


Quote
Today, Malware Domain List, reported strange behaviours regarding a Java app executed with the latest version of Java 6.


Ruining the bad guy's day

March 05, 2013, 09:55:21 pm
Reply #1

dlipman

  • Special Access
  • Full Member

  • Offline
  • *

  • 60
    • Multi-AV Scanning Tool

March 06, 2013, 09:19:45 am
Reply #2

SysAdMini

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 3335
Ruining the bad guy's day

March 06, 2013, 02:25:25 pm
Reply #3

dlipman

  • Special Access
  • Full Member

  • Offline
  • *

  • 60
    • Multi-AV Scanning Tool
I guess they do.

http://www.godaddy.com/ssl/code-signing-certificate.aspx

I hope its not like Comodo.  I remember a time when we had to have Kishor revoke Comodo certificates used with malware.