What's It Take To Trust A Digitally Signed Program?

Opera Software

The Opera Software breach that came to light last week after attackers compromised Opera's network in order to steal an expired certificate and use it to sign malware for distribution dredges up some serious concerns from security professionals about the amount of trust that organizations put into legitimately signed programs.

In particular, the attack brought up fears about auto-updating processes given that this particular strike used Opera's updating infrastructure to automatically push out updates to customers.

"Attacks that subvert the methods used to validate programs and their updates are very troubling," says Jean Taggart, senior researcher at Malwarebytes. "They serve as a strong reminder to practice defense in depth."

The Opera attack is hardly an exception in today's malicious hacking standard operating procedures.

Opera attack dredges up serious concerns | Dark Reading