id: blog-dshr-org-8024
author:
title: DSHR's Blog: Talk At Berkeley's Information Access Seminar
date:
pages:
extension: .html
mime: text/html
words: 6703
sentences: 594
flesch: 66
summary: Preparation time was limited because these days I'm a full-time grandparent, so the talk, entitled Securing The Digital Supply Chain, summarizes and updates two long posts from two years ago: The issue with the two HeadSetup apps came to light earlier this year when German cyber-security firm Secorvo found that versions 7.3, 7.4, and 8.0 installed two root Certification Authority (CA) certificates into the Windows Trusted Root Certificate Store of users' computers but also included the private keys for all in the SennComCCKey.pem file. These flaws weaken the reliability and effectiveness of encrypted Internet connections and can compromise critical TLS/SSL mechanisms, including domain validation, end-to-end encryption, and the chains of trust set up by certificate authorities. Then, in a section entitled Prevention for Critical Software, they specifically address the security of the development process and thus the two types of supply chain attacks we have been discussing.
cache: ./cache/blog-dshr-org-8024.html
txt: ./txt/blog-dshr-org-8024.txt