An independent researcher compiled a list of known Apple OSX-related vulnerabilities, including one that affects the Sparkle Updater Framework.
I’ve just checked my Mac with this command:
find /Applications -name Sparkle.framework
and found that DikeX, the old version of the digital-signature tool released by Infocert S.p.a., uses Sparkle. I don’t know if the software is plagued by the bug, but this is exactly the point: nobody from Infocert warned users about it with a single word.
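The `find` command above only shows where Sparkle is embedded. The following added example (not part of the original post, and not Infocert's or Sparkle's code) extends it to report, for each hit, the host application, the bundled Sparkle version and the update feed URL, so the result can be compared with a vendor advisory. It assumes Sparkle's usual bundle layout and that the host app declares its feed in the `SUFeedURL` key of its `Info.plist`.

```python
import os
import plistlib
from urllib.parse import urlparse
from xml.parsers.expat import ExpatError


def read_plist(path):
    """Return the parsed plist at path, or {} if it is missing or unreadable."""
    try:
        with open(path, "rb") as fh:
            return plistlib.load(fh)
    except (OSError, ValueError, ExpatError):
        return {}


def framework_version(fw_dir):
    """Sparkle's own version, trying the layouts a framework bundle may use."""
    for rel in ("Resources/Info.plist", "Versions/A/Resources/Info.plist",
                "Versions/Current/Resources/Info.plist"):
        info = read_plist(os.path.join(fw_dir, rel))
        if info:
            return info.get("CFBundleShortVersionString") or info.get("CFBundleVersion")
    return None


def find_sparkle(root="/Applications"):
    """Yield one record per Sparkle.framework found under root."""
    for dirpath, dirnames, _ in os.walk(root):
        if "Sparkle.framework" not in dirnames:
            continue
        dirnames.remove("Sparkle.framework")  # no need to descend into it
        fw_dir = os.path.join(dirpath, "Sparkle.framework")
        # Host bundle = nearest enclosing *.app; its Info.plist carries SUFeedURL.
        head, sep, _ = fw_dir.rpartition(".app/")
        app = head + ".app" if sep else None
        info = read_plist(os.path.join(app, "Contents", "Info.plist")) if app else {}
        feed = info.get("SUFeedURL")
        yield {
            "app": app,
            "app_version": info.get("CFBundleShortVersionString"),
            "sparkle_version": framework_version(fw_dir),
            "feed_url": feed,
            "feed_scheme": urlparse(feed).scheme.lower() if feed else None,
        }


if __name__ == "__main__":
    for rec in find_sparkle():
        print(rec)
```

The post does not say which Sparkle versions are affected, so the script only collects the facts; whether a given application is exposed still has to be checked against the Sparkle project's or the vendor's own advisory.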
As everybody knows, SHA-n is a series of cryptographic algorithms developed by the NSA and published by the US NIST. The current SHA-n lineup includes SHA-1, SHA-224, SHA-256, SHA-384 and SHA-512.
On the contrary, SHA-7 (see this link – Italian only, sorry), a “proprietary, patented encryption algorithm” developed by an Italian company, doesn’t belong to the original “family” and doesn’t have any endorsement by the scientific community.
I wonder why the SHA-7 designers have chosen this confusing name for their code.
Here we are again. Infocert – one of the biggest electronic signature providers in Italy – confirmed its technology lock-in attitude, by pushing users toward Microsoft Windows.
Infocert released its USB based all-in-one solution named Businesskey and advertises its dongle as a “hassle-free” tool, with no installation required. This is not entirely true, because the system only works under Microsoft Windows: no Linux or Mac OSX support. Admittedly, Infocert did release a Linux and MacOSX desktop-based version of Dike (the software client needed to handle the electronic signature), but didn’t do the same as a “portable app”.
The consequences are clear and don’t need further explanation. What is astonishing is the silence of both Government and Authorities, which are allowing private entities to force citizens to pay not irrelevant sums of money to get public services.
After ten years, Italy might let the digital signature legal framework move toward a coherent system.
Current legislation – Legislative Decree 82/2005 – is still affected by unclear definitions, EU directive translation errors and technical misunderstandings.
If passed in Parliament, draft law AC1441-bis will assign the Government the power to amend these mistakes, not an impossible mission, if only the people concerned take the time to fully understand the issues debated since 1997 and never fully resolved.
More to come as soon as Parliament passes the law containing the amendment principles.