This week, Hewlett-Packard quietly revoked one of its digital certificates after security blogger Brian Krebs discovered it was the same certificate that had signed off on some malware four years ago.
What is a digital certificate? It's basically a security attachment on electronic messages, and according to Webopedia, “The most common use of a digital certificate is to verify that a user sending a message is who he or she claims to be, and to provide the receiver with the means to encode a reply.”
The problem with Hewlett-Packard's now-revoked digital certificate is that, in addition to all the various legitimate software packages it approved over the years, four years ago it also signed off on a Trojan virus which had infected an HP developer's computer. That Trojan never infected any HP software released on the market (according to an HP executive who spoke to Krebs).
Could cause problems
So that's good news for people with Hewlett-Packard machines. But it might cause problems for people with older HP machines running on older HP software signed by the now-revoked digital certificate. Ars Technica notes that:
the revocation of the affected certificate will require HP to re-issue a large number of software packages with a new digital signature. While the certificate drop may not affect systems with the software already installed, users will be alerted to a bad certificate if they attempt to re-install software from original media.
In other words: if you have to re-install your old HP software from its original discs for whatever reason, you won't be able to, because the digital certificate's no longer any good.