Tag: code signing

  • Digital certificates

    I’ve been taking an interest in computer security recently, and as part of that I’ve been investigating digital certificates, primarily in the context of code signing (e.g. applications/macros/plugins).

    There seem to be two main misconceptions here (at opposite ends of the scale), which are worth addressing:

    1. “If something has been signed then it’s safe.”

    2. “Just because something’s been signed, that’s no guarantee of safety, therefore signing is pointless, and it’s just a way for Microsoft to extort money from people while spreading FUD.” (FUD = Fear, Uncertainty, and Doubt.)
