Blogger Roman Poroshyn recently posted commentary pointing out that code signing certificates can be stolen (as illustrated by the Stuxnet attack) and that he expects the syndrome of stolen certificates to continue in 2011. Roman writes,

Stuxnet has made it painfully clear that a virtual identity can be stolen. Authorities issuing digital certificates are unable to prevent that and their response is always delayed, because it is based on reports from computer security companies.

The good news is that a well developed code signing paradigm exists that can greatly improve our ability to defend against certificate theft. It's called...

Whole buncha headlines yesterday as Google pulled the plug on more than fifty Android apps for containing malware. Threatpost has a good writeup here, and Android Police has even more detail here and here. Existing writing on the subject has focused on the cleverness and skill of the trojan itself, along with debate about how soon...

At Search Engine Strategies in New York City last year I was interviewed by Patti Simone of WomenCentric and Marketing-Advantage.net. Patti posted the video, in which I explain VeriSign Seal-in-Search and show a heat map of real search results. It's a pretty crisp description of Seal-in-Search, and the pictures are helpful, but do try to ignore my right hand. Next time I promise I'll tie it behind my back.

The SSL blog has covered the progress in adoption of full https coverage on popular web sites such as gmail and Facebook. By extending SSL coverage for the entirety of a user's session, not just the login screen, the site can defeat new attacks such as Firesheep which will make it possible for man-in-the-middle attacks to harvest potentially damaging information from sessions that otherwise would appear to be safe for the average user. The latest installment in this story came yesterday when...