#signature

danie10@squeet.me

‘Secret’ iPhone feature lets you easily sign online documents for free, with no scanning, printing, or app installing

Hand holding up an iPhone with a post-it note stuck on the front that has writing on saying "sign here" with an arrow pointing to the left
In the age of digital communication, needing to sign important documents online has become increasingly common, but it’s not necessarily the easiest process.

For an iPhone you can just use the standard Photos app to open it, hit Edit, click the Markup button, and add signature. Useful that you can also move it around.

I see on my Samsung Galaxy phone I can similarly use the Samsung Notes app and just a PDF with the S Pen. The selection tool will also allow me to select and move that signature around or resize it.

Both phones will allow you to sign, or complete, a document offline and no 3rd party apps needed.

See thefocus.news/lifestyle/secret…
#Blog, #ios, #signature, #technology

danie10@squeet.me

How to paste signatures into PDFs using Okular Document Viewer

Title: Okular PDF signatures, with image of a signature on a page
Okular is a very versatile document viewer found on many Linux distros, but one of its shortcomings is not being able to just paste a transparent PNG format signature in. Pasting signatures into a PDF is often the commonly used method, as most businesses want a plain ‘signed’ PDF that they can print and view. Although digital signing is more secure and legally accepted, most businesses are not geared to understand how to use these (much like with encrypted e-mails).

The workaround I show in this video, using custom stamps, is actually better than other document viewers in that you do not need to attach the file every time you want to paste a signature. You set up the custom stamp once, and just re-use that every time.

See https://youtu.be/QtY_RTTVnYI
#Blog, #Okular, #opensource, #PDF, #signature, #technology

danie10@squeet.me

How to Electronically Sign PDF Documents Across Various OSs, Without Printing and Scanning Them

Two hands holding smartphone, which is resting on a printed paper form
You’ve been emailed a document, and you have to sign it and send it back. You could print out the document, sign it, and then scan it back in and email it. But there’s a better, faster way.

This article shows you how to quickly add your signature to any PDF document, saving it as a standard PDF file that can be read anywhere. You can do this on Windows, Mac, iPad, iPhone, Android, Chrome OS, Linux — whatever platform you prefer.

I’ve been using Master PDF Editor on Linux for a while, mainly because I often have to paste signatures in (and Okular does not do that at all – yes really odd) but I now tried Xournal and yes it does all I need as well as much more. Maybe now, too, Google’s GDrive will also allow the form filling and signing (it’s not mentioned in this article as it’s quite a new feature).

See https://www.howtogeek.com/164668/how-to-electronically-sign-documents-without-printing-and-scanning-them/
#Blog, #PDF, #signature, #technology

anonymiss@despora.de

CVE-2022-21449: Psychic #Signatures in #Java

source: https://neilmadden.blog/2022/04/19/psychic-signatures-in-java/

The long-running BBC sci-fi show Doctor Who has a recurring plot device where the Doctor manages to get out of trouble by showing an identity card which is actually completely blank. Of course, this being Doctor Who, the card is really made out of a special “psychic paper”, which causes the person looking at it to see whatever the Doctor wants them to see: a security pass, a warrant, or whatever. It turns out that some recent releases of Java were vulnerable to a similar kind of trick, in the implementation of widely-used #ECDSA signatures.

#security #fail #software #trust #news #problem #vulnerability #signature

fr1tz0@diasp.org

Driver doesn't load, shows error code 52 in device manager on Windows 10 x64

If you're automating software and drivers, sometimes it happens that Windows 10 doesn't load a driver. Since MS raised the bar for driver signing and everything security in general to unbelievable heights, there are far fewer problems with rootkits, but way more with drivers.

Even hardware manufacturers such as Nvidia and Intel can't keep up with the current update rate and hey who needs QA when you're at one of these firms anyway and thus, from time to time, un- or wrongly signed non-production beta drivers are being published for end consumers.

You're downloading driver packages, extract them, shove them upon your test share, import them into your endpoint management server system without a problem, automate them and deploy them. Dism grabs them and imports them into the local driver store. After OSD is done, system is being patched and software is being installed, all is good. Machine ships to the end customer, user logs in. OS activates each and every security subsystem that EFI, secureboot, Driverguard etc pp. provides and loads up the drivers in the store.

Inf is readable, cab file signature is A-OK, loading driver but oh my what's that, one of the 50 driver libraries or SYS files is not signed properly, a cert in the chain is too old or there is no CA certificate because someone at Intel signed the libraries with a cert published by 'Microsoft Media' certificate used in Windows Vista (an OS published in 2007 A.D.) to sign the driver libraries. In the year 2021. Congrats, you now have n machines out there in the home offices without WLAN & without a graphics driver. Best wishes from Intel (one more reason why I prefer AMD).

There are two solutions to avoid this: either you check each and every file of each and every driver you want to use before importing & deploying them. This means that you'll check millions of files. Or you just trust the manufacturer / distributor who provides the drivers, import them and fix if any errors occur. This is what 99% of the sysadmins do and what MS recommends.

If however you want to check the driver files before importing them, here is a PowerShell one-liner to recursively check all binaries in the current path for non-valid signatures. It outputs any binaries in the search path which are not signed properly.

Get-ChildItem -Recurse | where {$_.extension -in ".dll", ".exe", ".sys" } | Where { ! $_.PSIsContainer } | Get-AuthenticodeSignature | Where-Object {$_.status -ne "Valid"} | Select-Object status, path

Have fun, stay healthy.
Fritz

#windows #drivers #driver #admin #hardware #cert #signature
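
An added example, not part of the post above and not its author's code: the same Authenticode check written as a pre-import audit script that also shows why a file fails (signer, certificate end date, timestamp, chain status) and stops a packaging pipeline with a non-zero exit code. The -Path parameter and the report column names are assumptions made for this example.

```powershell
# Added example: audit an extracted driver package before importing it.
param(
    [string]$Path = '.'   # assumption: root folder of the extracted driver package
)

# Binary types from the one-liner above, plus the package catalog files.
$extensions = '.sys', '.dll', '.exe', '.cat'

$report = Get-ChildItem -Path $Path -Recurse -File |
    Where-Object { $_.Extension -in $extensions } |
    ForEach-Object {
        $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName
        $cert = $sig.SignerCertificate

        # Build the signer's chain separately so the cause of a failure is visible.
        $chainErrors = ''
        $root = ''
        if ($cert) {
            $chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
            # Offline audit: do not contact CRL/OCSP servers from the build machine.
            $chain.ChainPolicy.RevocationMode = 'NoCheck'
            [void]$chain.Build($cert)
            $chainErrors = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','
            $root = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate.Subject
            $chain.Dispose()
        }

        [pscustomobject]@{
            Status      = $sig.Status
            Path        = $sig.Path
            Signer      = if ($cert) { $cert.Subject } else { '' }
            SignerEnds  = if ($cert) { $cert.NotAfter } else { $null }
            Timestamped = [bool]$sig.TimeStamperCertificate
            Root        = $root
            ChainErrors = $chainErrors   # diagnostic only, evaluated at today's date
        }
    }

# Only the Authenticode status decides pass/fail: a timestamped file whose signer
# certificate has since expired is still 'Valid' although the chain reports NotTimeValid.
$bad = $report | Where-Object { $_.Status -ne 'Valid' }
$bad | Group-Object Status | Sort-Object Count -Descending | Format-Table Count, Name
$bad | Format-Table Status, Signer, SignerEnds, Timestamped, Root, ChainErrors, Path -AutoSize

# A non-zero exit code lets the pipeline stop before the import step.
if ($bad) { exit 1 }
```

Files that are signed only through the package's .cat catalog can show up as NotSigned here until that catalog is installed on the machine running the check, so review those entries against the catalog before rejecting a package.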

anonymiss@despora.de

Major #Linux #RPM #problem uncovered

Source: https://www.zdnet.com/article/major-linux-rpm-problem-uncovered/

Why? Because RPM had never properly checked revoked certificate key handling. Specifically, as Linux and lead RPM developer Panu Matilainen explained: "Revocation is one of the many unimplemented things in rpm's #OpenPGP support. In other words, you're not seeing a bug as such; it's just not implemented at all, much like expiration is not."

This is a bad #security #vulnerability but with open source you have the chance to find it and better late than never. You can't say this often enough: "Open source can increase your security but someone with experience has to do a #codereview. If no one checked the code then everything is possible" :(

#update #installation #software #opensource #floss #foss #centos #bug #certificate #patch #antipov #suse #redhat #enterprise #signature #fail