Keeping PCs Safe on the Internet

PC Security Journal

Subscribe to PC Security Journal: eMailAlertsEmail Alerts newslettersWeekly Newsletters
Get PC Security Journal: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


PC Security Journal Authors: RealWire News Distribution, Denise Dubie, Lacey Thoms, Bob Gourley, Michael Bushong

Related Topics: PC Security Journal, Security Journal, SOA & WOA Magazine

Article

Protecting Your Code Updates

How to defend against SSL spoofing attacks

Click Here to Download This White Paper Now!

Security experts generally recommend applying security updates to software as soon as possible, as the overwhelming majority of attacks against vulnerabilities are against those that have already been addressed with patches from the software developer. But, published scenarios enable attackers to compromise the safety of these updates.

Some code distribution methods rely only on Secure Sockets Layer (SSL) offerings to protect the integrity of the update process, but authentication through conventional SSL can be weak and subject to man-in-the-middle attacks. Both static code distribution sites and built-in automatic update mechanisms are often vulnerable to these attacks.

The solution to this problem is code signing, a mature technology built into Windows and many other systems for years. Code signing allows users to ensure that a program was created by a named and authenticated organisation. Programmatic updates can build this mechanism into their own algorithms to ensure that they are not being fed rogue updates.

Click Here to Download This White Paper Now!

More Stories By Elizabeth White

News Desk compiles and publishes breaking news stories, press releases and latest news articles as they happen.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.