Security Now (Audio) SN 1060: 3-Day Certificates - The Rise of AI Programming
Jan 14, 2026
Code signing certificates are getting pricier and more complicated, thanks to Microsoft's new three-day certs. Developers are facing hidden costs and red tape that could stifle innovation. California's new DROP program allows residents to opt out of data broker tracking, but its effectiveness is still in question. Plus, AI development is on the rise, with tools like Claude Code making it easier for non-coders to bring their ideas to life. The hosts also discuss the intriguing side effects of AI, including hallucinations that create fake places!
AI Snips
Chapters
Books
Transcript
Episode notes
A Real Phishing Hook Nearly Worked
- Leo Laporte described getting phished via a convincing T-Mobile points scam and entering multiple card numbers.
- He canceled cards quickly and credits issuer protections for limiting damage.
Why Three-Day Code Signing Works
- Short-lived signing certificates (e.g., three days) are used to limit exposure if a signing key is compromised.
- Timestamping the signed code preserves long-term validity despite short certificate lifetimes.
Prepare For Azure Signing Complexity
- Expect Azure Trusted Signing to require navigating complex Azure resource dependencies and tooling.
- Follow detailed walkthroughs (e.g., Rick Strahl's guide) to avoid wasting a day troubleshooting setup.
