Information about Comodo Code-Signing

[NewsArchive]

One more consideration: You can't use an EV to sign something within a
virtual machine. Safenet sees the token on the host, but nothing in
the VM.

From Sectigo tech support:

"It is mandatory to plugin the device on every device you want to sign
the files . Unfortunately it can not be used on virtual machine."

Regarding the Safenet (below) you can download from sectigo, it's an
un-registered version. I don't know yet if it expires or how much it
costs if it does. I was able to use it to change the EV password. You
can also change the label.

It shows the maximum password re-tries as 15. And it shows how many
attempts have been made. So don't mess up<g>.

Jeff Slarve
www.jssoftware.com

Ones and Zeros are my Heroes

[NewsArchive]

You have done this?

Jeff Slarve
www.jssoftware.com

Ones and Zeros are my Heroes

[NewsArchive]

> You have done this?

I've seen it first hand software that was protected by those hardware
devices and drivers.

There is a "backup" service that has software that will read the original
device and create a file. That gets send to the company and they create a
data file from it.

Then a person loads a software driver on their PC that will load the data
file and present itself as the original device (even in a VM and even
multiple VMs at the same time).

When the protected software tries to access the hardware key, it thinks it
is talking to it and it loads and runs as expected.

I know people who have been running it for years now (and they update the
software solution every year as the hardware gets updated).

The hardware thing is a pretty good lock for someone who knows nothing
about getting around it, but it is an easy bypass if you have the tools.

Charles

--
-------------------------------------------------------------------------------------------------------
Charles Edmonds

cjeByteMeSpammers@lansrad.com (remove the "ByteMeSpammers" to email me)

www.learnh5fast.com - Master building web and mobile apps with Clarion H5!
www.clarionproseries.com - ProDocument, ImageEx, ProScan, ProImage, ProPath
and other Clarion developer tools!
www.seal-soft.com - The xProduct Clarion templates - xWordCOM, xToolTip,
xDataBackup Manager and more!
www.ezchangelog.com - "Free ChangeLog software to manage your projects!"
www.setupcast.com - "A revolutionary new publishing system for software
developers - enhanced for SetupBuilder users!"
www.ezround.com - "Round Corner HTML tables with matching Banners, Buttons
and Forms - Now with PNG support!
www.fotokiss.com - "World's Best Auction Photo Editor"
www.lansrad.com - "Intelligent Solutions for Universal Problems"
-------------------------------------------------------------------------------------------------------

[NewsArchive]

What does one stand to gain by defeating the intended security and
sending the coveted jewels to a 3rd party?

Jeff Slarve
www.jssoftware.com

Ones and Zeros are my Heroes

[NewsArchive]

> What does one stand to gain by defeating the intended security and
> sending the coveted jewels to a 3rd party?

The folks I know who are running it don't want the inconvenience of being
forced to have multiple USB keys hanging off a laptop (or carry a hub to
use with it).

Also the company who uses the keys charges you FULL price for a replacement
if you lose your key.

So most folks backup the key, put the originals in a safe deposit box and
call it a day.

Plus for ones that might use it on a laptop on the road and a desktop at
home, they never have to be unable to work if they forgot to take it off
the desktop PC before they left.

But I think the big thing for most of the ones I talked to is not getting
stuck paying $2500 for a new dongle if they lost it or it was stolen.

Charles

--
-------------------------------------------------------------------------------------------------------
Charles Edmonds

cjeByteMeSpammers@lansrad.com (remove the "ByteMeSpammers" to email me)

www.learnh5fast.com - Master building web and mobile apps with Clarion H5!
www.clarionproseries.com - ProDocument, ImageEx, ProScan, ProImage, ProPath
and other Clarion developer tools!
www.seal-soft.com - The xProduct Clarion templates - xWordCOM, xToolTip,
xDataBackup Manager and more!
www.ezchangelog.com - "Free ChangeLog software to manage your projects!"
www.setupcast.com - "A revolutionary new publishing system for software
developers - enhanced for SetupBuilder users!"
www.ezround.com - "Round Corner HTML tables with matching Banners, Buttons
and Forms - Now with PNG support!
www.fotokiss.com - "World's Best Auction Photo Editor"
www.lansrad.com - "Intelligent Solutions for Universal Problems"
-------------------------------------------------------------------------------------------------------

[NewsArchive]

>> What does one stand to gain by defeating the intended security and
>> sending the coveted jewels to a 3rd party?

I forgot to add that most people figure that is the software vendors
problem for using hardware dongles in the first place.

Personally I have never even considered them for our commercial products.

They alienate customers and potentially cause far more problems than they
solve.

Charles


--
-------------------------------------------------------------------------------------------------------
Charles Edmonds

cjeByteMeSpammers@lansrad.com (remove the "ByteMeSpammers" to email me)

www.learnh5fast.com - Master building web and mobile apps with Clarion H5!
www.clarionproseries.com - ProDocument, ImageEx, ProScan, ProImage, ProPath
and other Clarion developer tools!
www.seal-soft.com - The xProduct Clarion templates - xWordCOM, xToolTip,
xDataBackup Manager and more!
www.ezchangelog.com - "Free ChangeLog software to manage your projects!"
www.setupcast.com - "A revolutionary new publishing system for software
developers - enhanced for SetupBuilder users!"
www.ezround.com - "Round Corner HTML tables with matching Banners, Buttons
and Forms - Now with PNG support!
www.fotokiss.com - "World's Best Auction Photo Editor"
www.lansrad.com - "Intelligent Solutions for Universal Problems"
-------------------------------------------------------------------------------------------------------

[NewsArchive]

Charles,

> I forgot to add that most people figure that is the software vendors
> problem for using hardware dongles in the first place.
>
> Personally I have never even considered them for our commercial products.
>
> They alienate customers and potentially cause far more problems than they
> solve.

This is not your average dongle - it's for signing software programs,
not for running them.<g>

--
Lee White

RPM Report Viewer.: http://www.cwaddons.com/products/rpm/
Report Faxing.....: http://www.cwaddons.com/products/afe/
---Enroll Today---: http://CWaddons.com

Creative Reporting: http://www.CreativeReporting.com

Product Release & Update Notices
http://twitter.com/DeveloperPLUS

Hydrogen, the only CLEAN fuel and the future of clean air.

[NewsArchive]

> This is not your average dongle - it's for signing software programs,
> not for running them.<g>

I understand that.

My point was that the hardware was not more than a casual way to prevent
the magic key from being spread.

Charles


--
-------------------------------------------------------------------------------------------------------
Charles Edmonds

cjeByteMeSpammers@lansrad.com (remove the "ByteMeSpammers" to email me)

www.learnh5fast.com - Master building web and mobile apps with Clarion H5!
www.clarionproseries.com - ProDocument, ImageEx, ProScan, ProImage, ProPath
and other Clarion developer tools!
www.seal-soft.com - The xProduct Clarion templates - xWordCOM, xToolTip,
xDataBackup Manager and more!
www.ezchangelog.com - "Free ChangeLog software to manage your projects!"
www.setupcast.com - "A revolutionary new publishing system for software
developers - enhanced for SetupBuilder users!"
www.ezround.com - "Round Corner HTML tables with matching Banners, Buttons
and Forms - Now with PNG support!
www.fotokiss.com - "World's Best Auction Photo Editor"
www.lansrad.com - "Intelligent Solutions for Universal Problems"
-------------------------------------------------------------------------------------------------------

[NewsArchive]

okay. Sounds like the folks you know are into piracy.

Jeff Slarve
www.jssoftware.com

Ones and Zeros are my Heroes

[NewsArchive]

> okay. Sounds like the folks you know are into piracy.

Actually the developers I know who use the backup service are very legit
people. Every one of them pays thousands of dollars a year for legit
upgrades to software that they own and paid thousands of dollars for
originally.

They just don't want to be screwed for a new license just because a vendor
made a bad decision to use hardware locks and doesn't care that sometimes
bad things happen (keys are lost or stolen).

Plus with that many keys a laptop is useless without an external port, then
you are stuck carrying that and the cables for it.


I'd wager that all of the folks I know would be happy to pay the vendor
some sort of "insurance" fee to not get it stuck in their behinds and
broken off if something happened.

I mean sure, you could add it to an insurance policy for your home or
business, but if there was a fire you are usually looking at a minimum of 3
months to a year (maybe more) before there is any pay out on this sort of
thing. Meanwhile someone who spent a lot of money to get a tool they
needed (and can't yet afford a replacement license at full price) is
screwed and out of work because of the vendor policy.

I probably know 20 developers who use it and none of them consider it
anything more than a backup for something that they paid for. Several of
those who don't travel still use the original keys daily and just keep the
backup option in case something does happen.

At any rate, as I told Lee, my point was that the hardware used to secure
the certificates just wasn't all that secure. Granted I guess it is better
than nothing, but if someone with a laptop gained access to the key for 30
seconds they could get a duplicate running on any number of machines.

Charles


--
-------------------------------------------------------------------------------------------------------
Charles Edmonds

cjeByteMeSpammers@lansrad.com (remove the "ByteMeSpammers" to email me)

www.learnh5fast.com - Master building web and mobile apps with Clarion H5!
www.clarionproseries.com - ProDocument, ImageEx, ProScan, ProImage, ProPath
and other Clarion developer tools!
www.seal-soft.com - The xProduct Clarion templates - xWordCOM, xToolTip,
xDataBackup Manager and more!
www.ezchangelog.com - "Free ChangeLog software to manage your projects!"
www.setupcast.com - "A revolutionary new publishing system for software
developers - enhanced for SetupBuilder users!"
www.ezround.com - "Round Corner HTML tables with matching Banners, Buttons
and Forms - Now with PNG support!
www.fotokiss.com - "World's Best Auction Photo Editor"
www.lansrad.com - "Intelligent Solutions for Universal Problems"
-------------------------------------------------------------------------------------------------------