Possible code signing certificate issue?

Want to help the VideoLAN project? Designers, testers, translators, please come...
This is NOT about GETTING some help.
Forum rules
Please read the forum's rules carefully before posting. This forum should not be used to post VLC usage related questions.
madalinab
New Cone
New Cone
Posts: 1
Joined: 20 Oct 2022 11:00

Possible code signing certificate issue?

Postby madalinab » 20 Oct 2022 11:55

Hello.

I've come across this file https://github.com/ditekshen/detection/ ... _certs.yar which contains yara rules to detect bad known certificates.

If you look inside you can find:

rule INDICATOR_KB_CERT_0407abb64e9990180789eacb81f5f914 {
meta:
author = "ditekSHen"
description = "Detects executables signed with stolen, revoked or invalid certificates"
thumbprint = "bcb40c7d23c9db41766c780b5388fb70f3d570bf"
hash = "f1fdac82e4e4da91ba2a9d8122a5f27e11a8342308b18376b189d2cc7468557b"
condition:
uint16(0) == 0x5a4d and
for any i in (0..pe.number_of_signatures): (
pe.signatures.subject contains "VideoLAN" and
pe.signatures.serial == "04:07:ab:b6:4e:99:90:18:07:89:ea:cb:81:f5:f9:14"
)
}

Since this certificate is still used by VideoLAN for code signing do we have to worry about the certificate being stolen?

Thank you!

Jean-Baptiste Kempf
Site Administrator
Site Administrator
Posts: 37523
Joined: 22 Jul 2005 15:29
VLC version: 4.0.0-git
Operating System: Linux, Windows, Mac
Location: Cone, France
Contact:

Re: Possible code signing certificate issue?

Postby Jean-Baptiste Kempf » 18 Dec 2022 14:22

It is not stolen.
Jean-Baptiste Kempf
http://www.jbkempf.com/ - http://www.jbkempf.com/blog/category/Videolan
VLC media player developer, VideoLAN President and Sites administrator
If you want an answer to your question, just be specific and precise. Don't use Private Messages.


Return to “Contribute and help the VideoLAN project”

Who is online

Users browsing this forum: No registered users and 8 guests