How to Verify Authenticity of Windows Software with Digital Signatures

Every time you download a program from the Internet, you have to trust the developer that it isn’t malicious. There is no way around that. But this isn’t an issue, usually, especially with well-known software and developers. However, websites that host software are more vulnerable. Attackers can subvert the security of a website and replace programs with their own, malicious version. This looks and works exactly like the original, except it has a backdoor inserted. With this backdoor, attackers can control various parts of your normal day-to-day computing. Your computer is either inserted in a botnet, or worse, the utility waits until you use your… Read more

How to Verify Authenticity of Linux Software with Digital Signatures

When you download software from the Internet, you have to trust the developer(s) that their program isn’t malicious. However, you also have to worry about hackers. There is a lot an attacker can gain from hacking a website and replacing software with a backdoored version. Think about a site that hosts a Bitcoin wallet utility. If an attacker manages to replace the legitimate version with a malicious one, he can potentially steal money from tens of thousands of users. Another valuable target to backdoor is an operating system. This happened to Linux Mint in the past. So, what can you do about it? Hashes and… Read more