Login or Register to Ask a Question and Join Our Community

unix and linux operating commands

Wikipedia: Trust but Verify

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
# 1  
Old 05-28-2008
Wikipedia: Trust but Verify
Security professionals are, almost by definition, inclined to be skeptical (not to say paranoid) by nature, and among the least likely to say without irony "It must be true, I read it on Wikipedia!" Those of us who specialize in anti-malware research not only share these traits, but are also accustomed to being considered incompetent or downright crooked, not to mention the still widely-held belief that we write all the viruses. (I considered what I think are some of the reasons for all that in an article for Virus Bulletin a couple of years ago, by the way.)
So it's a pleasant surprise to come across a Wikipedia entry that's not only painstakingly accurate (to the point that the author went to the trouble of asking me to check its accuracy), but complimentary towards its subject despite his longstanding association with anti-virus research. :)
Author/reviewer/consultant (etc) Robert Slade's contributions to the common weal are not restricted to anti-virus, of course: his name is well known in (ISC)2 circles, and his longstanding book review project is a seriously useful resource. It's a pleasure to see an old friend and colleague (we wrote a book on viruses together some years ago) get some of the recognition he deserves. Cheers, Rob!


More...
Login or Register to Ask a Question

Previous Thread | Next Thread

2 More Discussions You Might Find Interesting

1. HP-UX

Not Trust Host 10.10.10.10

I get a message similar to this, in the syslog file. Actually, I am trying to let the host at 10.10.10.10 access the HP-UX system. How do I get it trusted? Thanks! (2 Replies)
Discussion started by: instant000
2 Replies

2. News, Links, Events and Announcements

UNIX Entry in Wikipedia

I noticed that Wikipedia has a like to our forums on their Unix page at the bottom where the external links are listed. (0 Replies)
Discussion started by: Neo
0 Replies
Login or Register to Ask a Question

LEARN ABOUT NETBSD

nbsvtool

NBSVTOOL(1)						    BSD General Commands Manual 					       NBSVTOOL(1)

NAME

     nbsvtool -- create and verify detached signatures of files

SYNOPSIS

     nbsvtool [-v] [-a anchor-certificates] [-c certificate-chain] [-f certificate-file] [-k private-key-file] [-u required-key-usage] command
	      args ...

DESCRIPTION

     nbsvtool is used to create and verify detached X509 signatures of files.  Private keys and certificates are expected to be PEM encoded, sig-
     natures are in PEM/SMIME format.

     Supported commands:

     sign file			       Sign file, placing the signature in file.sp7.  The options -f and -k are required for this command.

     verify file [signature]	       Verify signature for file.  If signature is not specified, file.sp7 is used.

     verify-code file [signature]      This is a short cut for verify with the option -u code.

     Supported options:

     -a anchor-certificates	   A file containing one or more (concatenated) keys that are considered trusted.

     -c certificate-chain	   A file containing additional certificates that will be added to the signature when creating one.  They will be
				   used to fill missing links in the trust chain when verifying the signature.

     -f certificate-file	   A file containing the certificate to use for signing.  The certificate must match the key given by -k.

     -k private-key-file	   A file containing the private key to use for signing.

     -u required-key-usage	   Verify that the extended key-usage attribute in the signing certificate matches required-key-usage.	Otherwise,
				   the signature is rejected.  key usage can be one of: ``ssl-server'', ``ssl-client'', ``code'', or ``smime''.

     -v 			   Print verbose information about the signing certificate.

EXIT STATUS

     The nbsvtool utility exits 0 on success, and >0 if an error occurs.

EXAMPLES

     Create signature file hello.sp7 for file hello.  The private key is found in file key, the matching certificate is in cert, additional cer-
     tificates from cert-chain are included in the created signature.
	   nbsvtool -k key -f cert -c cert-chain sign hello hello.sp7

     Verify that the signature hello.sp7 is valid for file hello and that the signing certificate allows code signing.	Certificates in
     anchor-file are considered trusted, and there must be a certificate chain from one of those certificates to the signing certificate.
	   nbsvtool -a anchor-file verify-code hello hello.sp7

SEE ALSO

     openssl_smime(1)

CAVEATS

     As there is currently no default trust anchor, you must explicilty specify one with -a, otherwise no verification can succeed.

BSD
								  March 11, 2009							       BSD