CINXE.COM

Blog | SignPath

<!-- last_modified_at: --><!DOCTYPE html> <html lang="en" data-appurl='https://app.signpath.io'> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="canonical" href='https://about.signpath.io/blog/' /> <!-- Begin Jekyll SEO tag v2.6.1 --> <link rel='preload' as='style' href='/assets/css/line-awesome.min.css' onload="this.rel='stylesheet'"> <title>Blog | SignPath</title> <meta property="og:title" content="Blog | SignPath" /> <meta property="og:locale" content="en_US" /> <meta property="og:description" content="SignPath team blog" /> <meta property="og:url" content="https://about.signpath.io/blog/" /> <meta property="og:site_name" content="SignPath - Code Signing Simple and Secure" /> <meta name="description" content="SignPath team blog"/> <!-- End Jekyll SEO tag --> <link rel='stylesheet' href='/assets/css/hint.min.css'> <link rel="stylesheet" href="/assets/css/index.css?cache=2024-11-26"> <link rel="alternate" type="application/atom+xml" title="SignPath.io Blog" href="/feed.xml"> <script src='/assets/index.js?cache=2024-03-07'></script> <script src='/assets/js/main-bundle.js?cache=2024-08-05'></script><link rel="icon" href="/assets/favicon-50x50.png" sizes="32x32"> <link rel="icon" href="/assets/favicon.png" sizes="192x192"> <link rel="apple-touch-icon-precomposed" href="/assets/favicon.png"> <meta name="msapplication-TileImage" content="/assets/favicon.png"> </head> <body> <header> <div> <a href='/'><img src='/assets/signpath-logo-white.svg' width="181" height="36" alt='SignPath'></a> <nav> <ul><li> <a href='/product'> Product </a> <ul><li> <a href='/product/features'> Features </a> </li><li> <a href='/product/editions'> Editions </a> </li><li class='separator' /><li> <a href='/product/devops'> For DevOps teams </a> </li><li> <a href='/product/infosec'> For InfoSec teams </a> </li><li> <a href='/product/open-source'> For Open Source projects </a> </li><li class='separator' /><li> <a href='/product/office-macros'> Office macro signing </a> </li><li> <a href='/product/thales-dpod'> Thales DPoD Cloud HSM </a> </li><li> <a href='/product/pkic-best-practices'> PKI Consortium best practices </a> </li></ul> </li><li> <a href='/code-signing'> Code Signing </a> <ul><li> <a href='/code-signing/introduction'> Introduction </a> </li><li> <a href='/code-signing/theory'> Theory </a> </li><li> <a href='/code-signing/windows-platform'> Windows Platform </a> </li><li> <a href='/code-signing/test-certificates'> Managing Test Certificates </a> </li><li> <a href='/code-signing/private-keys'> Storage of Private Keys </a> </li><li> <a href='/code-signing/media-coverage'> Media Coverage </a> </li></ul> </li><li> <a href='/documentation'> Documentation </a> <ul><li> <a href='/documentation/getting-started'> Getting Started </a> </li><li> <a href='/documentation/managing-certificates'> Managing Certificates </a> </li><li> <a href='/documentation/users'> Managing Users </a> </li><li> <a href='/documentation/projects'> Setting up Projects </a> </li><li> <a href='/documentation/signing-code'> Signing Code </a> </li><li> <a href='/documentation/signing-containers'> Signing Container Images </a> </li><li class='separator' /><li> <a href='/documentation/artifact-configuration'> Artifact Configuration </a> </li><li> <a href='/documentation/build-system-integration'> Build System Integration </a> </li><li> <a href='/documentation/trusted-build-systems'> Trusted Build Systems </a> </li><li> <a href='/documentation/origin-verification'> Origin Verification </a> </li><li class='separator' /><li> <a href='/documentation/powershell'> PowerShell cmdlets </a> </li><li> <a href='/documentation/crypto-providers'> Crypto Providers </a> </li><li class='separator' /><li> <a href='/documentation/changelog'> Product updates </a> </li></ul> </li><li> <a href='/about-us'> About us </a> <ul><li> <a href='/company'> Company </a> </li><li> <a href='/team'> Team </a> </li><li> <a href='/blog'> Blog </a> </li><li> <a href='/jobs'> Jobs </a> </li><li> <a href='/support'> Support </a> </li><li> <a href='/contact'> Contact </a> </li></ul> </li><li class='login'><a class='btn btn-flat' href='https://app.signpath.io/Web/Home/Login'>Login</a> <li class='login'><a href='https://app.signpath.io/Web/Subscription/StartFreeTrial' class='btn btn-primary trial'>Start free trial</a></li> </li> </ul> <a id='main-menu-toggle' href='#' onclick='document.querySelector("header > div > nav > ul").classList.toggle("open")'> <div></div> <div></div> <div></div> </a> </nav> </div> </header> <main> <section class="bg-blue font-white top-section"> <div> <h1>Blog</h1> </div> </section> <section class="blog-section bg-grey"> <div> <h2>Recent Posts<a href='/feed.xml'>Feed <svg class="icon small darkBlue" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 32 32"><path fill="currentColor" d="M 5 5 L 5 9 C 14.93 9 23 17.07 23 27 L 27 27 C 27 14.85 17.15 5 5 5 z M 5 12 L 5 16 C 11.07 16 16 20.93 16 27 L 20 27 C 20 18.72 13.28 12 5 12 z M 8 21 A 3 3 0 0 0 8 27 A 3 3 0 0 0 8 21 z"/></svg> </a></h2> <ul class='card-container'> <li> <a href='/blog/2024/09/10/implicit-to-explicit'> <div class="header"> From Implicit to Explicit: Why Code Signing is the Missing Link in DevSecOps </div> </a> <div> <div class='info'> <span> <svg class="icon blog" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 32 32"><path fill="currentColor" d="M 16 5 C 12.144531 5 9 8.144531 9 12 C 9 14.410156 10.230469 16.550781 12.09375 17.8125 C 8.527344 19.34375 6 22.882813 6 27 L 8 27 C 8 22.570313 11.570313 19 16 19 C 20.429688 19 24 22.570313 24 27 L 26 27 C 26 22.882813 23.472656 19.34375 19.90625 17.8125 C 21.769531 16.550781 23 14.410156 23 12 C 23 8.144531 19.855469 5 16 5 Z M 16 7 C 18.773438 7 21 9.226563 21 12 C 21 14.773438 18.773438 17 16 17 C 13.226563 17 11 14.773438 11 12 C 11 9.226563 13.226563 7 16 7 Z"/></svg> Paul Savoie</span> <span> <svg class="icon blog" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 32 32"><path fill="currentColor" d="M 16 5 C 12.144531 5 9 8.144531 9 12 C 9 14.410156 10.230469 16.550781 12.09375 17.8125 C 8.527344 19.34375 6 22.882813 6 27 L 8 27 C 8 22.570313 11.570313 19 16 19 C 20.429688 19 24 22.570313 24 27 L 26 27 C 26 22.882813 23.472656 19.34375 19.90625 17.8125 C 21.769531 16.550781 23 14.410156 23 12 C 23 8.144531 19.855469 5 16 5 Z M 16 7 C 18.773438 7 21 9.226563 21 12 C 21 14.773438 18.773438 17 16 17 C 13.226563 17 11 14.773438 11 12 C 11 9.226563 13.226563 7 16 7 Z"/></svg> September 10, 2024</span> </div> <p> By eliminating complexity, SignPath delivers a robust and flexible mechanism that fits naturally in modern software supply chains </p> <a class='btn btn-secondary' href='/blog/2024/09/10/implicit-to-explicit'>Read more</a> </div> </li> <li> <a href='/blog/2024/02/22/new-year-new-faces'> <div class="header"> New year, new faces: SignPath expands the market going activities </div> </a> <div> <div class='info'> <span> <svg class="icon blog" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 32 32"><path fill="currentColor" d="M 16 5 C 12.144531 5 9 8.144531 9 12 C 9 14.410156 10.230469 16.550781 12.09375 17.8125 C 8.527344 19.34375 6 22.882813 6 27 L 8 27 C 8 22.570313 11.570313 19 16 19 C 20.429688 19 24 22.570313 24 27 L 26 27 C 26 22.882813 23.472656 19.34375 19.90625 17.8125 C 21.769531 16.550781 23 14.410156 23 12 C 23 8.144531 19.855469 5 16 5 Z M 16 7 C 18.773438 7 21 9.226563 21 12 C 21 14.773438 18.773438 17 16 17 C 13.226563 17 11 14.773438 11 12 C 11 9.226563 13.226563 7 16 7 Z"/></svg> Klaus Rathje</span> <span> <svg class="icon blog" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 32 32"><path fill="currentColor" d="M 16 5 C 12.144531 5 9 8.144531 9 12 C 9 14.410156 10.230469 16.550781 12.09375 17.8125 C 8.527344 19.34375 6 22.882813 6 27 L 8 27 C 8 22.570313 11.570313 19 16 19 C 20.429688 19 24 22.570313 24 27 L 26 27 C 26 22.882813 23.472656 19.34375 19.90625 17.8125 C 21.769531 16.550781 23 14.410156 23 12 C 23 8.144531 19.855469 5 16 5 Z M 16 7 C 18.773438 7 21 9.226563 21 12 C 21 14.773438 18.773438 17 16 17 C 13.226563 17 11 14.773438 11 12 C 11 9.226563 13.226563 7 16 7 Z"/></svg> February 22, 2024</span> </div> <p> We will boost and expand the market going activities. With this move, we also grow our leadership team. </p> <a class='btn btn-secondary' href='/blog/2024/02/22/new-year-new-faces'>Read more</a> </div> </li> <li> <a href='/blog/2022/02/21/cybernews-interview'> <div class="header"> Cybernews interview with our CEO: supply chains and code signing </div> </a> <div> <div class='info'> <span> <svg class="icon blog" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 32 32"><path fill="currentColor" d="M 16 5 C 12.144531 5 9 8.144531 9 12 C 9 14.410156 10.230469 16.550781 12.09375 17.8125 C 8.527344 19.34375 6 22.882813 6 27 L 8 27 C 8 22.570313 11.570313 19 16 19 C 20.429688 19 24 22.570313 24 27 L 26 27 C 26 22.882813 23.472656 19.34375 19.90625 17.8125 C 21.769531 16.550781 23 14.410156 23 12 C 23 8.144531 19.855469 5 16 5 Z M 16 7 C 18.773438 7 21 9.226563 21 12 C 21 14.773438 18.773438 17 16 17 C 13.226563 17 11 14.773438 11 12 C 11 9.226563 13.226563 7 16 7 Z"/></svg> Stefan Wenig</span> <span> <svg class="icon blog" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 32 32"><path fill="currentColor" d="M 16 5 C 12.144531 5 9 8.144531 9 12 C 9 14.410156 10.230469 16.550781 12.09375 17.8125 C 8.527344 19.34375 6 22.882813 6 27 L 8 27 C 8 22.570313 11.570313 19 16 19 C 20.429688 19 24 22.570313 24 27 L 26 27 C 26 22.882813 23.472656 19.34375 19.90625 17.8125 C 21.769531 16.550781 23 14.410156 23 12 C 23 8.144531 19.855469 5 16 5 Z M 16 7 C 18.773438 7 21 9.226563 21 12 C 21 14.773438 18.773438 17 16 17 C 13.226563 17 11 14.773438 11 12 C 11 9.226563 13.226563 7 16 7 Z"/></svg> February 21, 2022</span> </div> <p> &quot;You can spend millions of dollars for IT security and still become a victim of an attack on a supplier&quot; </p> <a class='btn btn-secondary' href='/blog/2022/02/21/cybernews-interview'>Read more</a> </div> </li> <li> <a href='/blog/2021/03/23/dp-api-encryption-ineffective-in-windows-containers'> <div class="header"> DP API Encryption Ineffective in Windows Containers </div> </a> <div> <div class='info'> <span> <svg class="icon blog" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 32 32"><path fill="currentColor" d="M 16 5 C 12.144531 5 9 8.144531 9 12 C 9 14.410156 10.230469 16.550781 12.09375 17.8125 C 8.527344 19.34375 6 22.882813 6 27 L 8 27 C 8 22.570313 11.570313 19 16 19 C 20.429688 19 24 22.570313 24 27 L 26 27 C 26 22.882813 23.472656 19.34375 19.90625 17.8125 C 21.769531 16.550781 23 14.410156 23 12 C 23 8.144531 19.855469 5 16 5 Z M 16 7 C 18.773438 7 21 9.226563 21 12 C 21 14.773438 18.773438 17 16 17 C 13.226563 17 11 14.773438 11 12 C 11 9.226563 13.226563 7 16 7 Z"/></svg> Marc Nimmerrichter</span> <span> <svg class="icon blog" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 32 32"><path fill="currentColor" d="M 16 5 C 12.144531 5 9 8.144531 9 12 C 9 14.410156 10.230469 16.550781 12.09375 17.8125 C 8.527344 19.34375 6 22.882813 6 27 L 8 27 C 8 22.570313 11.570313 19 16 19 C 20.429688 19 24 22.570313 24 27 L 26 27 C 26 22.882813 23.472656 19.34375 19.90625 17.8125 C 21.769531 16.550781 23 14.410156 23 12 C 23 8.144531 19.855469 5 16 5 Z M 16 7 C 18.773438 7 21 9.226563 21 12 C 21 14.773438 18.773438 17 16 17 C 13.226563 17 11 14.773438 11 12 C 11 9.226563 13.226563 7 16 7 Z"/></svg> March 23, 2021</span> </div> <p> We discovered that DP API encryption in Windows containers is not secure </p> <a class='btn btn-secondary' href='/blog/2021/03/23/dp-api-encryption-ineffective-in-windows-containers'>Read more</a> </div> </li> <li> <a href='/blog/2021/03/23/experiences-with-security-report-handling'> <div class="header"> Experiences with Security Report Handling: The Good and the Bad </div> </a> <div> <div class='info'> <span> <svg class="icon blog" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 32 32"><path fill="currentColor" d="M 16 5 C 12.144531 5 9 8.144531 9 12 C 9 14.410156 10.230469 16.550781 12.09375 17.8125 C 8.527344 19.34375 6 22.882813 6 27 L 8 27 C 8 22.570313 11.570313 19 16 19 C 20.429688 19 24 22.570313 24 27 L 26 27 C 26 22.882813 23.472656 19.34375 19.90625 17.8125 C 21.769531 16.550781 23 14.410156 23 12 C 23 8.144531 19.855469 5 16 5 Z M 16 7 C 18.773438 7 21 9.226563 21 12 C 21 14.773438 18.773438 17 16 17 C 13.226563 17 11 14.773438 11 12 C 11 9.226563 13.226563 7 16 7 Z"/></svg> Daniel Ostovary</span> <span> <svg class="icon blog" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 32 32"><path fill="currentColor" d="M 16 5 C 12.144531 5 9 8.144531 9 12 C 9 14.410156 10.230469 16.550781 12.09375 17.8125 C 8.527344 19.34375 6 22.882813 6 27 L 8 27 C 8 22.570313 11.570313 19 16 19 C 20.429688 19 24 22.570313 24 27 L 26 27 C 26 22.882813 23.472656 19.34375 19.90625 17.8125 C 21.769531 16.550781 23 14.410156 23 12 C 23 8.144531 19.855469 5 16 5 Z M 16 7 C 18.773438 7 21 9.226563 21 12 C 21 14.773438 18.773438 17 16 17 C 13.226563 17 11 14.773438 11 12 C 11 9.226563 13.226563 7 16 7 Z"/></svg> March 23, 2021</span> </div> <p> On the stark differences of reporting security vulnerabilities between major software vendors </p> <a class='btn btn-secondary' href='/blog/2021/03/23/experiences-with-security-report-handling'>Read more</a> </div> </li> <li> <a href='/blog/2020/12/21/evaluating-sunburst'> <div class="header"> Evaluating the Sunburst Hack: Causes and Future Prevention </div> </a> <div> <div class='info'> <span> <svg class="icon blog" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 32 32"><path fill="currentColor" d="M 16 5 C 12.144531 5 9 8.144531 9 12 C 9 14.410156 10.230469 16.550781 12.09375 17.8125 C 8.527344 19.34375 6 22.882813 6 27 L 8 27 C 8 22.570313 11.570313 19 16 19 C 20.429688 19 24 22.570313 24 27 L 26 27 C 26 22.882813 23.472656 19.34375 19.90625 17.8125 C 21.769531 16.550781 23 14.410156 23 12 C 23 8.144531 19.855469 5 16 5 Z M 16 7 C 18.773438 7 21 9.226563 21 12 C 21 14.773438 18.773438 17 16 17 C 13.226563 17 11 14.773438 11 12 C 11 9.226563 13.226563 7 16 7 Z"/></svg> Stefan Wenig</span> <span> <svg class="icon blog" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 32 32"><path fill="currentColor" d="M 16 5 C 12.144531 5 9 8.144531 9 12 C 9 14.410156 10.230469 16.550781 12.09375 17.8125 C 8.527344 19.34375 6 22.882813 6 27 L 8 27 C 8 22.570313 11.570313 19 16 19 C 20.429688 19 24 22.570313 24 27 L 26 27 C 26 22.882813 23.472656 19.34375 19.90625 17.8125 C 21.769531 16.550781 23 14.410156 23 12 C 23 8.144531 19.855469 5 16 5 Z M 16 7 C 18.773438 7 21 9.226563 21 12 C 21 14.773438 18.773438 17 16 17 C 13.226563 17 11 14.773438 11 12 C 11 9.226563 13.226563 7 16 7 Z"/></svg> December 21, 2020</span> </div> <p> How hackers exploited one ISV's software to reach political targets - and how software industry practices need to improve </p> <a class='btn btn-secondary' href='/blog/2020/12/21/evaluating-sunburst'>Read more</a> </div> </li> <li> <a href='/blog/2020/08/26/unfulfilled-expectations'> <div class="header"> Unfulfilled Expectations: Revoked Certificates in JAR Signing </div> </a> <div> <div class='info'> <span> <svg class="icon blog" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 32 32"><path fill="currentColor" d="M 16 5 C 12.144531 5 9 8.144531 9 12 C 9 14.410156 10.230469 16.550781 12.09375 17.8125 C 8.527344 19.34375 6 22.882813 6 27 L 8 27 C 8 22.570313 11.570313 19 16 19 C 20.429688 19 24 22.570313 24 27 L 26 27 C 26 22.882813 23.472656 19.34375 19.90625 17.8125 C 21.769531 16.550781 23 14.410156 23 12 C 23 8.144531 19.855469 5 16 5 Z M 16 7 C 18.773438 7 21 9.226563 21 12 C 21 14.773438 18.773438 17 16 17 C 13.226563 17 11 14.773438 11 12 C 11 9.226563 13.226563 7 16 7 Z"/></svg> Daniel Ostovary</span> <span> <svg class="icon blog" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 32 32"><path fill="currentColor" d="M 16 5 C 12.144531 5 9 8.144531 9 12 C 9 14.410156 10.230469 16.550781 12.09375 17.8125 C 8.527344 19.34375 6 22.882813 6 27 L 8 27 C 8 22.570313 11.570313 19 16 19 C 20.429688 19 24 22.570313 24 27 L 26 27 C 26 22.882813 23.472656 19.34375 19.90625 17.8125 C 21.769531 16.550781 23 14.410156 23 12 C 23 8.144531 19.855469 5 16 5 Z M 16 7 C 18.773438 7 21 9.226563 21 12 C 21 14.773438 18.773438 17 16 17 C 13.226563 17 11 14.773438 11 12 C 11 9.226563 13.226563 7 16 7 Z"/></svg> August 26, 2020</span> </div> <p> In April we became aware of a conceptual security issue in the JarSigner. The fix will be shipped with the release of JDK 15 </p> <a class='btn btn-secondary' href='/blog/2020/08/26/unfulfilled-expectations'>Read more</a> </div> </li> <li> <a href='/blog/2020/08/26/on-the-importance-of-trust-validation'> <div class="header"> On the Importance of Trust Validation: Microsoft's Dangerous Mistake </div> </a> <div> <div class='info'> <span> <svg class="icon blog" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 32 32"><path fill="currentColor" d="M 16 5 C 12.144531 5 9 8.144531 9 12 C 9 14.410156 10.230469 16.550781 12.09375 17.8125 C 8.527344 19.34375 6 22.882813 6 27 L 8 27 C 8 22.570313 11.570313 19 16 19 C 20.429688 19 24 22.570313 24 27 L 26 27 C 26 22.882813 23.472656 19.34375 19.90625 17.8125 C 21.769531 16.550781 23 14.410156 23 12 C 23 8.144531 19.855469 5 16 5 Z M 16 7 C 18.773438 7 21 9.226563 21 12 C 21 14.773438 18.773438 17 16 17 C 13.226563 17 11 14.773438 11 12 C 11 9.226563 13.226563 7 16 7 Z"/></svg> Daniel Ostovary</span> <span> <svg class="icon blog" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 32 32"><path fill="currentColor" d="M 16 5 C 12.144531 5 9 8.144531 9 12 C 9 14.410156 10.230469 16.550781 12.09375 17.8125 C 8.527344 19.34375 6 22.882813 6 27 L 8 27 C 8 22.570313 11.570313 19 16 19 C 20.429688 19 24 22.570313 24 27 L 26 27 C 26 22.882813 23.472656 19.34375 19.90625 17.8125 C 21.769531 16.550781 23 14.410156 23 12 C 23 8.144531 19.855469 5 16 5 Z M 16 7 C 18.773438 7 21 9.226563 21 12 C 21 14.773438 18.773438 17 16 17 C 13.226563 17 11 14.773438 11 12 C 11 9.226563 13.226563 7 16 7 Z"/></svg> August 26, 2020</span> </div> <p> Our discovery of how Microsoft didn't verify the validity of timestamping certificates on VSIX packages </p> <a class='btn btn-secondary' href='/blog/2020/08/26/on-the-importance-of-trust-validation'>Read more</a> </div> </li> <li> <a href='/blog/2019/12/13/an-analysis-of-secure-variables-in-appveyor'> <div class="header"> A White Hat Story: Analysis of Secure Variables in AppVeyor </div> </a> <div> <div class='info'> <span> <svg class="icon blog" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 32 32"><path fill="currentColor" d="M 16 5 C 12.144531 5 9 8.144531 9 12 C 9 14.410156 10.230469 16.550781 12.09375 17.8125 C 8.527344 19.34375 6 22.882813 6 27 L 8 27 C 8 22.570313 11.570313 19 16 19 C 20.429688 19 24 22.570313 24 27 L 26 27 C 26 22.882813 23.472656 19.34375 19.90625 17.8125 C 21.769531 16.550781 23 14.410156 23 12 C 23 8.144531 19.855469 5 16 5 Z M 16 7 C 18.773438 7 21 9.226563 21 12 C 21 14.773438 18.773438 17 16 17 C 13.226563 17 11 14.773438 11 12 C 11 9.226563 13.226563 7 16 7 Z"/></svg> Daniel Ostovary</span> <span> <svg class="icon blog" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 32 32"><path fill="currentColor" d="M 16 5 C 12.144531 5 9 8.144531 9 12 C 9 14.410156 10.230469 16.550781 12.09375 17.8125 C 8.527344 19.34375 6 22.882813 6 27 L 8 27 C 8 22.570313 11.570313 19 16 19 C 20.429688 19 24 22.570313 24 27 L 26 27 C 26 22.882813 23.472656 19.34375 19.90625 17.8125 C 21.769531 16.550781 23 14.410156 23 12 C 23 8.144531 19.855469 5 16 5 Z M 16 7 C 18.773438 7 21 9.226563 21 12 C 21 14.773438 18.773438 17 16 17 C 13.226563 17 11 14.773438 11 12 C 11 9.226563 13.226563 7 16 7 Z"/></svg> December 13, 2019</span> </div> <p> We discovered that the encryption of AppVeyor secret variables is susceptible to Padding Oracle attacks. </p> <a class='btn btn-secondary' href='/blog/2019/12/13/an-analysis-of-secure-variables-in-appveyor'>Read more</a> </div> </li> </ul> </div> </section> <!-- last_modified_at: --><section class='bg-dark-grey font-white newsletter' id="newsletter"> <div> <h2>Sign up for news and special offers</h2> <form class="ml-block-form" action="https://app.mailerlite.com/webforms/submit/d7c3i1" data-code="d7c3i1" method="post"> <input type="text" class="form-control" data-inputmask="" name="fields[name]" value="" placeholder="Name"> <input type="email" class="form-control" data-inputmask="" name="fields[email]" value="" placeholder="Email"> <input type="hidden" name="ml-submit" value="1"> <button type="submit" class="btn btn-secondary newsletter">Subscribe</button> </form> </div> </section> </main> <footer> <div> <div> <img src='/assets/signpath-logo-white.svg' width="334" height="67" alt='SignPath'/> <svg viewBox="0 0 244 18"> <text x="0" y="15" textLength="244" lengthAdjust="spacingAndGlyphs">CODE SIGNING SIMPLE &amp; SECURE</text> </svg> <div> <a target="_blank" href="https://www.linkedin.com/company/33243108" rel="noopener noreferrer"> <svg class="icon footer" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 32 32"><path fill="currentColor" d="M 8.6425781 4 C 7.1835781 4 6 5.181625 6 6.640625 C 6 8.099625 7.182625 9.3085938 8.640625 9.3085938 C 10.098625 9.3085938 11.283203 8.099625 11.283203 6.640625 C 11.283203 5.182625 10.101578 4 8.6425781 4 z M 21.535156 11 C 19.316156 11 18.0465 12.160453 17.4375 13.314453 L 17.373047 13.314453 L 17.373047 11.310547 L 13 11.310547 L 13 26 L 17.556641 26 L 17.556641 18.728516 C 17.556641 16.812516 17.701266 14.960938 20.072266 14.960938 C 22.409266 14.960937 22.443359 17.145609 22.443359 18.849609 L 22.443359 26 L 26.994141 26 L 27 26 L 27 17.931641 C 27 13.983641 26.151156 11 21.535156 11 z M 6.3632812 11.310547 L 6.3632812 26 L 10.923828 26 L 10.923828 11.310547 L 6.3632812 11.310547 z"/></svg></a> &nbsp;&nbsp; <a target="_blank" href="mailto:info@signpath.io" rel="noopener noreferrer"><svg class="icon footer" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 32 32"><path fill="currentColor" d="M 3 8 L 3 26 L 29 26 L 29 8 Z M 7.3125 10 L 24.6875 10 L 16 15.78125 Z M 5 10.875 L 15.4375 17.84375 L 16 18.1875 L 16.5625 17.84375 L 27 10.875 L 27 24 L 5 24 Z"/></svg> </div> </div> <div> <a href='/privacy-policy'>Privacy Policy</a> <a href='/terms-of-service'>Terms of Service</a> <a href='/status'><span style="color: lightgreen;"><svg class="icon small" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 32 32"><path fill="currentColor" d="M 28.28125 6.28125 L 11 23.5625 L 3.71875 16.28125 L 2.28125 17.71875 L 10.28125 25.71875 L 11 26.40625 L 11.71875 25.71875 L 29.71875 7.71875 Z"/></svg> </span>Status </a> </div> </div> </footer> <div id='cookie-info'> <h3>Cookie settings</h3> <div class="container"> <span>We use cookies to enhance your browsing experience.</span> <p class="mobile show-more active"><a>Show more information</a></p> <p class="mobile show-less"><a>Show less information</a></p> <span class="information">By clicking the “Accept” button below, you agree that non-essential cookies on our website may be used by us and by third parties, some of them located in the USA. Learn more about our cookies in our <a href='/privacy-policy'>Privacy Policy</a> </span> <div class="actions"> <button class='btn btn-primary' id='acknowledge-cookies-btn'>Accept</button> <button class="btn btn-grey" id='refuse-cookies-btn'>Refuse</button> </div> </div> <script> const queryString = window.location.search; const urlParams = new URLSearchParams(queryString); const adgroupid = urlParams.get('adgroupid') ? urlParams.get('adgroupid') : document.cookie.match('(^|;)\\s*' + 'adgroupid' + '\\s*=\\s*([^;]+)')?.pop() || '' if (adgroupid) { const els_trial = document.querySelectorAll("a[href='" + window.location.protocol + '//' + window.location.hostname + '/Web/Subscription/StartFreeTrial' + "']") const els_login = document.querySelectorAll("a[href='" + window.location.protocol + '//' + window.location.hostname + '/Web/Home/Login' + "']"); for (let child of els_trial) { if (child.tagName === 'A') { child.href = child.href + '?websiteCorrelationId=' + adgroupid } } for (let child of els_login) { if (child.tagName === 'A') { child.href = child.href + '?websiteCorrelationId=' + adgroupid } } } </script> </div> </footer> </body> </html>

Pages: 1 2 3 4 5 6 7 8 9 10