Its the week of Patch Tuesday, and I’ll have more on that later on after reading Brian’s article.
But whiele looking at Mastodon this morning, Dan Goodin, an Ars Technica writer, pingged him and others with an article talking about software that can bypass the Kernal and allow Malware that is signed.
I wish I was joking, but if I’m reading this right, the piece of software which is only one of several that can do this code signing business is called FuckCertTimeValidity? The first letter of each word is capitalized in the article.
Dan’s article is titled *KCERTVERIFYTIMEVALIDITY —
Hackers exploit gaping Windows loophole to give and is a must read. It talks about this and the fact that it allows older software prior to 2015 to run without checks which is great, but it opened up something that could be abused in a huge way!
Just something to be aware of.
Discover more from Jared's Technology podcast network
Subscribe to get the latest posts sent to your email.