PHP.net compromise aftermath: Why Code Signing Beats Hashes

If someone can change the download page, they can change the hash too. If you sign the code with a secret key, they have to steal your key too — and you should be keeping that off of your web server.
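The argument above as an added Go example (not code from the linked diary or from PHP.net): a page that hosts both the file and its hash passes the hash check even after it has been rewritten, while a signature check against a public key pinned out of band fails. The Page type, the helper names, the seed-derived demo keys and the file contents are all constructed assumptions.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Page is everything the download server hosts. Anyone who can edit the
// page can rewrite all three fields. Contents below are constructed.
type Page struct {
	File []byte
	Hash string // SHA-256 shown next to the download link
	Sig  []byte // detached Ed25519 signature
}

func sha(b []byte) string { s := sha256.Sum256(b); return hex.EncodeToString(s[:]) }

// DemoKey derives a fixed key pair from one seed byte (demo only).
func DemoKey(b byte) (ed25519.PublicKey, ed25519.PrivateKey) {
	priv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{b}, ed25519.SeedSize))
	return priv.Public().(ed25519.PublicKey), priv
}

// Publish builds the page; key is whichever private key the publisher holds.
func Publish(key ed25519.PrivateKey, file []byte) Page {
	return Page{File: file, Hash: sha(file), Sig: ed25519.Sign(key, file)}
}

// HashOK trusts the hash that came from the same page as the file.
func HashOK(p Page) bool { return sha(p.File) == p.Hash }

// SigOK checks against a public key the user pinned out of band.
func SigOK(pinned ed25519.PublicKey, p Page) bool {
	return ed25519.Verify(pinned, p.File, p.Sig)
}

func main() {
	pub, offlineKey := DemoKey(1) // release key, kept off the web server
	_, otherKey := DemoKey(2)     // any key that is not the release key
	good := Publish(offlineKey, []byte("release-1.0 contents"))
	// Page rewritten by someone with web-server access but not offlineKey.
	bad := Publish(otherKey, []byte("altered contents"))
	fmt.Println("genuine:", HashOK(good), SigOK(pub, good)) // true true
	fmt.Println("altered:", HashOK(bad), SigOK(pub, bad))   // true false
}
```

The signature check only helps if the public key reaches the user by a path other than the download page itself.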

ISC Diary | PHP.net compromise aftermath: Why Code Signing Beats Hashes, Author: Johannes Ullrich
