Micro-Star International—aka MSI—had its UEFI signing key stolen last month. This raises the possibility that the leaked key could push out updates that would infect a computer’s most nether regions without triggering a warning. To make matters worse, Matrosov said, MSI doesn’t have an automated patching process the way Dell, HP, and many larger hardware … Read More “Micro-Star International Signing Key Stolen” »
Category: signatures
Auto Added by WPeMatico
Interesting paper: “Shadow Attacks: Hiding and Replacing Content in Signed PDFs“: Abstract: Digitally signed PDFs are used in contracts and invoices to guarantee the authenticity and integrity of their content. A user opening a signed PDF expects to see a warning in case of any modification. In 2019, Mladenov et al. revealed various parsing vulnerabilities … Read More “Hacking Digitally Signed PDF Files” »
Researchers have demonstrated spoofing of digital signatures in PDF files. This would matter more if PDF digital signatures were widely used. Still, the researchers have worked with the various companies that make PDF readers to close the vulnerabilities. You should update your software. Details are here. News article. Powered by WPeMatico
This is interesting research: “On the Security of the PKCS#1 v1.5 Signature Scheme“: Abstract: The RSA PKCS#1 v1.5 signature algorithm is the most widely used digital signature scheme in practice. Its two main strengths are its extreme simplicity, which makes it very easy to implement, and that verification of signatures is significantly faster than for … Read More “Evidence for the Security of PKCS #1 Digital Signatures” »
Stuxnet famously used legitimate digital certificates to sign its malware. A research paper from last year found that the practice is much more common than previously thought. Now, researchers have presented proof that digitally signed malware is much more common than previously believed. What’s more, it predated Stuxnet, with the first known instance occurring in … Read More “Signed Malware” »
ProofMode is an app for your smartphone that adds data to the photos you take to prove that they are real and unaltered: On the technical front, what the app is doing is automatically generating an OpenPGP key for this installed instance of the app itself, and using that to automatically sign all photos and … Read More ““Proof Mode” for your Smartphone Camera” »
This paper wins “best abstract” award: “Quantum Tokens for Digital Signatures,” by Shalev Ben David and Or Sattath: Abstract: The fisherman caught a quantum fish. “Fisherman, please let me go,” begged the fish, “and I will grant you three wishes.” The fisherman agreed. The fish gave the fisherman a quantum computer, three quantum signing tokens … Read More “Quantum Tokens for Digital Signatures” »