Now he has to get a code signing cert (not a fast or easy process I would assume) and add that to the list of things he needs to do for each release. Lastly let's say he gets the money and takes care of the taxes and all of that. It's obvious the putty dev is not a designer (I don't say that to be mean) so I'm sure there would be people here on HN that would be all like "Ugh, this guy is asking for money and he can't take 2 minutes to make his funding site look halfway decent?" (Those people would be clarified as douches but that wouldn't stop them from making the comment nor the dev potentially reading them). Also while crowdfunding platforms have gotten really easy they still take effort and sometimes some sort of verification process. I know that sounds crazy but people taking donations have to declare that on their taxes and some people don't want to deal with that. No doubt but we all need to remember that sometimes accepting money is more trouble than it's worth. Someone with an Authenticode cert should compile it and then sign it and see if it still gets by the security vendors. I still have the Keystroke logger source code: There was a check-box somewhere to disable that, but long story short, I would not say that Authenticode code signing is a big security benefit today. The real issue was that the security software trusted any code that was Authenticode signed and let it run no matter what. Their customers were then happy and felt safer as it was now 'detected'. Even though my software had been available for years, was code signed, came with full source code and was clearly labeled for educational purposes only, the security companies sent takedown notices to my ISP, placed my domain on DNS blacklists and 'fixed' the issue by declaring any exe signed by my Authenticode cert as malicious.
Several years later, some customers of Zemana and Comodo complained that the keystroke detection/security software (that they had paid money for) did not detect my keystroke logging software. I wrote a proof of concept keystroke logger for Windows, then Authenticode signed it and made it available along with source code for others to experiment with and review. You mean Authenticode on Windows? I once had an Authenticode code signing cert that I used to sign Windows executables. "None of which would have mattered if Putty.exe was codesigned."