Can a Chrome Extension Protect Me from Malware Better Than Google and Digital Certificates Do?

Today, when you look for a well-known application on Google, you are more than likely to find dozens of download links from different websites. Even top-ranking links hide a lot of dangers. The presence of a signing certificate is in fact not enough to establish trust, and neither is the source of the download. An increasing amount of malware and malware-injected software, signed with a legitimate digital…


What the ASUS Software updates hijack teaches us about software supply chain risks

What is the ASUS ShadowHammer supply chain attack? On March 25th, Motherboard reported that hackers managed to hijack the software supply chain of ASUS, the 5th-largest PC manufacturer by unit sales, and inject a security backdoor that was installed on over a million computers (according to Kaspersky). (Figure: ShadowHammer victims per country.) As the attack on Avast CCleaner’s installer did in 2017, the ASUS's…


Opvizor using CodeNotary integrity for Snapwatcher latest release

Just last week Opvizor released the latest version of Snapwatcher. Instead of signing it with a digital certificate, Opvizor decided to use CodeNotary for integrity verification. Like other software vendors, Opvizor grew tired of paying $500 for a digital certificate to sign a low-price-range product. Just a few days before, in an interview with BleepingComputer, Don Ho, the creator of well…


The Distributed Ledger Technology at the Center of the Code Signing Disruption

Ever since the software industry witnessed the introduction of code signing, software users have learned to rely on digital certificates and GPG to verify the integrity and identity of software. Few questions were raised concerning the security of the certificates and GPG themselves. The "severe" scrutiny of the software publisher by the certificate authority and the uniqueness of the GPG key,…


CodeNotary 1.1 has been released

Today the vChain team released the new version of CodeNotary. CodeNotary 1.1 brings new and exciting features to the CodeNotary Dashboard. With a focus on improving the user experience as well as providing more information on signed assets, this release gives CodeNotary users a new set of tools for better analysis and insights and a more intuitive user interface. CodeNotary Dashboard…


The granularity of Digital Certificates

We all know how painful, cumbersome and complex a process it is to obtain a digital certificate to sign your code (both binaries and source code). The Certificate Authorities have had over 20 years to create a customer-friendly process to obtain and manage certificates, but they didn’t. Most software publishers, therefore, obtain one or two certificates and sign all their products, across all…


Developers unite against the expensive and cumbersome code signing certificates!

We could write this blog post in my favorite Windows text editor, Notepad++. And I bet millions of other users would agree with me when I say: this Notepad++ project is simply amazing. The open source project Notepad++ has been used for over a decade by developers, system administrators, support engineers and many more people who want to edit all kinds of text knowing that Notepad++ will support…


The Code Signing Certificates' Journey of Pain: The Saga Continues

Incredibly, after nearly 3 weeks of back and forth, we finally found a way to get the certificate approval process going: our CPA (to approve our phone number) has been called and our office has been called as well. You can’t choose what number they call; they check it online using DUNS or other services. During the automatic call, you need to write down a code, click on a link the CA provider…


CodeNotary released today!

I am proud to announce that vChain is releasing CodeNotary v0.3.2 today. This is CodeNotary's first release to the public and, after months of engineering efforts, we all feel super excited about the progress we have made to get to this point. CodeNotary disrupts the whole digital certificates industry by making the code signing process simple, instant and cheap. Over the past few weeks, we have…


Can we really trust PDF documents signed electronically?

Over the past year, we’ve embraced the electronic signature for digitally signing PDFs. Insurance companies, banks, and even the government gave legal validity to electronically signed PDFs. Today, everyone thinks that an electronically signed PDF is tamper-proof. Unfortunately, it is not! A few months ago some security researchers ran an experiment on that. The researchers, from the German Ruhr…