Malware Domain List

Malware Related => Tools of the trade / Internet News => Topic started by: SysAdMini on March 05, 2013, 07:07:27 pm

Title: When a Signed Java JAR file is not Proof of Trust
Post by: SysAdMini on March 05, 2013, 07:07:27 pm
http://eromang.zataz.com/2013/03/05/when-a-signed-java-jar-file-is-not-proof-of-trust/


Quote
Today, Malware Domain List, reported strange behaviours regarding a Java app executed with the latest version of Java 6.


(http://i2.wp.com/eromang.zataz.com/wp-content/uploads/java-signed-applet3.png?resize=673%2C431)
Title: Re: When a Signed Java JAR file is not Proof of Trust
Post by: dlipman on March 05, 2013, 09:55:21 pm
I didn't know GoDaddy was a CA.
Title: Re: When a Signed Java JAR file is not Proof of Trust
Post by: SysAdMini on March 06, 2013, 09:19:45 am
I didn't know GoDaddy was a CA.

Me too.
Title: Re: When a Signed Java JAR file is not Proof of Trust
Post by: dlipman on March 06, 2013, 02:25:25 pm
I guess they do.

http://www.godaddy.com/ssl/code-signing-certificate.aspx

I hope its not like Comodo.  I remember a time when we had to have Kishor revoke Comodo certificates used with malware.