Blunderific →
Really has to be read to beleive it... This weeks' evidence that stupidity is most certainly alive and well in the network hardware business points to the geniuses at D-Link and their publishing of the company's code-signing key - publicly.
"The key expired earlier this month, but Klijnsma said that any software that was signed before the expiration date will continue to be accepted as a legitimate D-Link release. He said the key is accepted by Microsoft Windows code-signing requirements and appears to be accepted by Apple's OS X as well. The security analyst said he has reported the leaked key to officials at Symantec, the security firm that oversees the certificate authority that validated the D-Link key, in hopes of getting it revoked. It's unclear if or when that revocation may happen." - via Ars Technica's Dan Goodin