|
|
|
|
|
|
by michaelt
1817 days ago
|
|
|
Of course, there's a kinda reasonable reason for the hardware token requirement: Widely publicised 2010 virus 'StuxNet' had a driver signature, using a stolen copy of Realtek's driver signing certificate. [1] And stolen certificates make the whole code-signing house of cards falls apart - you can't trust something signed by Realtek if it was not, in fact, signed by Realtek! Of course, hardware tokens aren't a panacea: Some malware authors simply set up a shell company and get a certificate issued to that company. [1] https://www.trendmicro.com/en_us/research/18/d/understanding... |
|
|