
Bit9 Breached...Frank Admission

2 replies to this topic

#1 buddy215


  • Moderator
  • 13,414 posts
  • Gender:Male
  • Location:West Tennessee
  • Local time:07:45 AM

Posted 11 February 2013 - 12:37 PM

Unknown is how this breach will affect our national security and personal banking, etc.

Security Firm Bit9 Hacked, Used to Spread Malware — Krebs on Security


........Bit9 published a blog post acknowledging a break-in.
The company said attackers managed to compromise some of Bit9’s systems
that were not protected by the company’s own software. Once inside, the
firm said, attackers were able to steal Bit9’s secret code-signing

“Due to an operational oversight within Bit9, we failed to install
our own product on a handful of computers within our network,” Bit9’s Patrick Morley
wrote. “As a result, a malicious third party was able to illegally gain
temporary access to one of our digital code-signing certificates that
they then used to illegitimately sign malware. There is no indication
that this was the result of an issue with our product.  Our
investigation also shows that our product was not compromised.”......................


Read the entire article using link above...


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”



#2 Animal


    Bleepin' Animinion

  • Site Admin
  • 35,905 posts
  • Gender:Male
  • Location:Where You Least Expect Me To Be
  • Local time:05:45 AM

Posted 11 February 2013 - 12:48 PM

I take it as not so much a "frank admission" as a PR-wrapped statement.

As noted in the Ars Technica article: Crooks steal security firm's crypto key, use it to sign malware

While Morley attributed the compromise to an oversight in installing its product on a small number of PCs, the true cause is much broader. Signing certificates are supposed to be kept in so-called hardware security modules, which are special computers that contain their own cryptography-dedicated processor and a special storage system. These devices are generally segregated from the rest of a company's network to prevent the signing keys they store from being abused in the event of a breach. In November, Ars provided this detailed look at the lengths Symantec goes to secure its valuable signing keys for SSL encryption.

Bold in the quote above is mine. It goes much deeper than just an "operational oversight within Bit9".

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)

A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)

"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)


#3 James Litten



  • BC Advisor
  • 1,946 posts
  • Gender:Male
  • Location:New Jersey
  • Local time:08:45 AM

Posted 16 February 2013 - 07:29 PM

Yeah, I noticed that little tidbit too.


They poisoned the well and from what I've seen in the past I would bet a million dollars that whoever did it expected it to be noticed and actually had a more sinister goal that they achieved. Probably unnoticed.


