PS3 jailbreak, stuxnet, and best practices in private key protection
About a month ago Sony made headlines at the Chaos Communication Congress in Berlin when a Playstation 3 jailbreak was revealed based on the use of stolen private keys for the PS3's code signing functionality. This incident illustrates the danger organizations face if their private keys are stolen. Similar incidents in the wild can result in the forced revocation of code signing certificates, which may cause existing deployments to stop working. To help organizations protect themselves from this possibility, Symantec has commissioned security writer/blogger Larry Seltzer to study the stuxnet attack (which depended in part on stolen certificates) and lay out the best practices in protecting your private keys: Securing Your Private Keys as Best Practice for Code Signing Certificates.