RealTime IT News

Adobe Clamps Down on Code Signing Security

Adobe is in damage control mode as the company aims to contain the risk from a compromised  code signing certificate. The compromise is forcing the company to revoke the certificate.

"Adobe is aware at this time of two malicious utilities from a single source that appeared to be digitally signed using a valid Adobe code-signing certificate," Adobe warned in an advisory issued late Thursday.

The two malicious utilities are pwdump, which can be used to extract passwords from Windows and myGeeksmail, which is a malicious ISAPI filter.

How It Happened

As to how the Adobe certificate was compromised, Brad Arkin, senior director of Product Security and Privacy at Adobe noted in a blog post that Adobe identified a compromised build server with access to the Adobe code signing infrastructure.

According to Arkin, the compromised build server's configuration was not up to Adobe corporate standards.

Read the full story at eSecurity Planet:
Adobe Cracks Down on SSL Fraud

Sean Michael Kerner is a senior editor at InternetNews.com, the news service of the IT Business Edge Network, the network for technology professionals Follow him on Twitter @TechJournalist.