Follow Slashdot blog updates by subscribing to our blog RSS feed

 


Forgot your password?
Close
typodupeerror
×
Opera Security

Hackers Steal Opera-Signed Certificate Through Infrastructure Attack 104

Posted by samzenpus from the protect-ya-neck dept.
wiredmikey writes "Norwegian browser maker Opera Software has confirmed that a targeted internal network infrastructure attack led to the theft of a code signing certificate that was used to sign malware. 'The current evidence suggests a limited impact. The attackers were able to obtain at least one old and expired Opera code signing certificate, which they have used to sign some malware. This has allowed them to distribute malicious software which incorrectly appears to have been published by Opera Software, or appears to be the Opera browser,' Opera warned in a brief advisory. The Opera breach signals a growing shift by organized hacking groups to target the internal infrastructure network at big companies that provide client side software to millions of end users."
This discussion has been archived. No new comments can be posted.

Hackers Steal Opera-Signed Certificate Through Infrastructure Attack More

Hackers Steal Opera-Signed Certificate Through Infrastructure Attack

Comments Filter:

  • A growing shift? (Score:5, Insightful)

    by Anonymous Coward on Wednesday June 26, 2013 @09:57PM (#44118985)

    Does this really signal a growing shift? Or are we just saying that whatever happens in a news story must signal a "growing shift" toward that thing to induce widespread panic?

  • The certificate crowd is proven wrong yet again. (Score:4, Insightful)

    by Anonymous Coward on Wednesday June 26, 2013 @10:13PM (#44119059)

    Whenever the topic of security comes up, there are always a bunch of people who go on and on and on about how certificates are always the answer to security problems.

    How do we fix security problems with email? "Certificates!", they say.

    How do we fix security problems with HTTP? "Certificates!", they blurt out.

    How do we fix security problems with DNS? "Certificates!", they scream.

    How do we fix security problems with passwords? "Certificates!", they yell.

    How do we fix security problems with application executables? "Certificates!", they exclaim.

    Yet we see so many stories about certificates getting compromised in one way or another. And then the infrastructure surrounding them is always so goddamn awful. They cause just as many, if not more, problems than they actually manage to partially solve.

    It's time for the certificate advocates to stop and think. They need to look at the big picture. They need to realize that while certificates may have their place in some very specialized situations, they are not the ultimate solution that we so desperately need.

  • Re:no. the NSA is probably doing this (Score:5, Insightful)

    by Anonymous Coward on Wednesday June 26, 2013 @11:10PM (#44119299)

    if bad guys are doing it, the governments are doing it.

    You repeated yourself

  • Re:The certificate crowd is proven wrong yet again (Score:5, Insightful)

    by MightyMartian ( 840721 ) on Wednesday June 26, 2013 @11:17PM (#44119325) Journal

    Perhaps if people took better care of private keys, this wouldn't bloody happen at all.

Slashdot Top Deals

Thus spake the master programmer: "After three days without programming, life becomes meaningless." -- Geoffrey James, "The Tao of Programming"

Close