HP withdraws certificate due to trojan blunder

HP will revoke a certificate the company used to sign software, including drivers, at the end of this month. Research shows that it was accidentally used to sign rogue software.

The certificate, which was mainly used for older products, is meant to assure system administrators that the software has not been tampered with. However, the US company discovered that the certificate was ‘accidentally’ used to sign a trojan, security journalist Brian Krebs reports on his blog.

Security company Symantec alerted HP to the malware after it found the four-year-old trojan lodged on a computer belonging to an HP employee. There, the program posed as another file and was signed with the certificate. HP used the certificate for software signing until May 2010.

According to HP, the certificate itself was not cracked and the trojan was never shipped to customers, Brett Wahlin, who is responsible for HP’s security, assures Krebs. HP will have the certificate revoked by VeriSign on October 21, after which it will have to re-sign its software.