diff --git a/ChangeLog.txt b/ChangeLog.txt index 7213970e..b9035a51 100644 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -1,3 +1,10 @@ +o Version 2.5 (2015.10.??) + Add SHA-256 checksum verification + Add a cheat mode to disable exclusive USB drive locking (Alt-,) + Add digital signature check on update downloads + Report Windows build number in the log (for Windows 8 and later) + Additional translation updates + o Version 2.4 (2015.09.27) Allow some settings and cheat modes to be persisted between sessions Fix multiple issues with flash drive detection diff --git a/res/localization/ChangeLog.txt b/res/localization/ChangeLog.txt index 09222d02..82c7a297 100644 --- a/res/localization/ChangeLog.txt +++ b/res/localization/ChangeLog.txt @@ -15,6 +15,17 @@ content. PLEASE, do not just look at this Changelog when updating your translation, but always use the English section of rufus.loc as your base. For instance, MSG_114, that was introduced in v1.0.8 is MORE than one line! +o Version 1.0.19 (2015.10.15) + Note: The following message can be tested by pressing Alt-, (That's the 'Alt' and 'comma' keys on your keyboard) + In case the message below is not clear, you can consider that it says "Exclusive locking of the USB drive" + - *NEW* MSG_282 "Exclusive USB drive locking" + Note: The following messages will appear after a new Rufus update has been downloaded from the + Internet in case something is very wrong with its digital signature... + - *NEW* MSG_283 "Invalid signature" + - *NEW* MSG_284 "The downloaded executable is missing a digital signature." + - *NEW* MSG_285 "The downloaded executable is signed by '%s'.\nThis is not a signature we recognize and could " + "indicate some form of malicious activity...\nAre you sure you want to run this file?" + o Version 1.0.18 (2015.09.03) - Changed MSG_081 "Unsupported ISO" -> "Unsupported image" - Changed MSG_082 -> "This image is either non-bootable, or it uses a boot or compression method that is not supported by Rufus..." 
diff --git a/res/localization/rufus.loc b/res/localization/rufus.loc index 1c7fe359..b96f99c8 100644 --- a/res/localization/rufus.loc +++ b/res/localization/rufus.loc @@ -88,7 +88,7 @@ # http://download.microsoft.com/download/9/5/E/95EF66AF-9026-4BB0-A41D-A4F81802D92C/%5BMS-LCID%5D.pdf # for the LCID (0x####) codes you should use l "en-US" "English (English)" 0x0409, 0x0809, 0x0c09, 0x1009, 0x1409, 0x1809, 0x1c09, 0x2009, 0x2409, 0x2809, 0x2c09, 0x3009, 0x3409, 0x3809, 0x3c09, 0x4009, 0x4409, 0x4809 -v 1.0.18 +v 1.0.19 # Main dialog g IDD_DIALOG @@ -538,10 +538,11 @@ t MSG_278 "Boot type" t MSG_279 "Non bootable" t MSG_280 "Image selection" t MSG_281 "(Please select an image)" -t MSG_282 "Drive locking" +t MSG_282 "Exclusive USB drive locking" t MSG_283 "Invalid signature" t MSG_284 "The downloaded executable is missing a digital signature." -t MSG_285 "The downloaded executable was signed by '%s'.\nThis doesn't look right... Are you sure you want to run it?" +t MSG_285 "The downloaded executable is signed by '%s'.\nThis is not a signature we recognize and could " + "indicate some form of malicious activity...\nAre you sure you want to run this file?" ################################################################################ ############################# TRANSLATOR END COPY ############################## @@ -4511,7 +4512,7 @@ t MSG_281 "(Valitse levykuva)" ################################################################################ l "fr-FR" "French (Français)" 0x040c, 0x080c, 0x0c0c, 0x100c, 0x140c, 0x180c, 0x1c0c, 0x200c, 0x240c, 0x280c, 0x2c0c, 0x300c, 0x340c, 0x380c, 0xe40c -v 1.0.18 +v 1.0.19 b "en-US" g IDD_DIALOG 
@@ -4922,6 +4923,11 @@ t MSG_278 "Type de démarrage" t MSG_279 "Non démarrable" t MSG_280 "Sélection d'image" t MSG_281 "(Veuillez sélectioner une image)" +t MSG_282 "Verrouillage exclusif de périphérique USB" +t MSG_283 "Signature invalide" +t MSG_284 "L'exécutable téléchargé ne possède pas de signature digitale." +t MSG_285 "L'exécutable téléchargé est signé par '%s'.\nCe n’est pas une signature que nous reconnaissons et " + "pourrait indiquer une activité malicieuse...\nÊtes-vous certain de vouloir lancer ce fichier?" ################################################################################ l "de-DE" "German (Deutsch)" 0x0407, 0x0807, 0x0c07, 0x1007, 0x1407 diff --git a/src/pki.c b/src/pki.c index 3fdb3812..de019f73 100644 --- a/src/pki.c +++ b/src/pki.c @@ -137,7 +137,7 @@ LONG ValidateSignature(HWND hDlg, const char* path) GUID guid_generic_verify = // WINTRUST_ACTION_GENERIC_VERIFY_V2 { 0xaac56b, 0xcd44, 0x11d0,{ 0x8c, 0xc2, 0x0, 0xc0, 0x4f, 0xc2, 0x95, 0xee } }; char *signature_name; - int i; + size_t i, len; // Check the signature name. Make it specific enough (i.e. don't simply check for "Akeo") // so that, besides hacking our server, it'll place an extra hurdle on any malicious entity 
@@ -149,11 +149,15 @@ LONG ValidateSignature(HWND hDlg, const char* path) return TRUST_E_NOSIGNATURE; } for (i = 0; i < ARRAYSIZE(valid_cert_names); i++) { - if (strncmp(signature_name, valid_cert_names[i], strlen(valid_cert_names[i])) == 0) - break; + len = strlen(valid_cert_names[i]); + if (strncmp(signature_name, valid_cert_names[i], len) == 0) { + // Test for whitespace after the part we match, for added safety + if ((len >= strlen(signature_name)) || isspace(signature_name[len])) + break; + } } if (i >= ARRAYSIZE(valid_cert_names)) { - uprintf("PKI: Signature '%s' doesn't look right...", signature_name); + uprintf("PKI: Signature '%s' is unexpected...", signature_name); if (MessageBoxU(hDlg, lmprintf(MSG_285, signature_name), lmprintf(MSG_283), MB_YESNO | MB_ICONWARNING | MB_IS_RTL) != IDYES) return TRUST_E_EXPLICIT_DISTRUST; diff --git a/src/rufus.rc b/src/rufus.rc index db864ce4..4d9aa9e7 100644 --- a/src/rufus.rc +++ b/src/rufus.rc @@ -32,7 +32,7 @@ LANGUAGE LANG_NEUTRAL, SUBLANG_NEUTRAL IDD_DIALOG DIALOGEX 12, 12, 242, 376 STYLE DS_SETFONT | DS_MODALFRAME | DS_CENTER | WS_MINIMIZEBOX | WS_POPUP | WS_CAPTION | WS_SYSMENU -CAPTION "Rufus 2.5.767" +CAPTION "Rufus 2.5.768" FONT 8, "Segoe UI Symbol", 400, 0, 0x0 BEGIN LTEXT "Device",IDS_DEVICE_TXT,9,6,200,8 @@ -319,8 +319,8 @@ END // VS_VERSION_INFO VERSIONINFO - FILEVERSION 2,5,767,0 - PRODUCTVERSION 2,5,767,0 + FILEVERSION 2,5,768,0 + PRODUCTVERSION 2,5,768,0 FILEFLAGSMASK 0x3fL #ifdef _DEBUG FILEFLAGS 0x1L @@ -337,13 +337,13 @@ BEGIN BEGIN VALUE "CompanyName", "Akeo Consulting (http://akeo.ie)" VALUE "FileDescription", "Rufus" - VALUE "FileVersion", "2.5.767" + VALUE "FileVersion", "2.5.768" VALUE "InternalName", "Rufus" VALUE "LegalCopyright", "© 2011-2015 Pete Batard (GPL v3)" VALUE "LegalTrademarks", "http://www.gnu.org/copyleft/gpl.html" VALUE "OriginalFilename", "rufus.exe" VALUE "ProductName", "Rufus" - VALUE "ProductVersion", "2.5.767" + VALUE "ProductVersion", "2.5.768" END END BLOCK "VarFileInfo"
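Review bot: `isspace(signature_name[len])` in the added boundary check is passed a plain `char`, which is undefined behaviour when the signer name holds a byte above 0x7F (plausible for a non-ASCII certificate subject); cast it, `isspace((unsigned char)signature_name[len])`. The check is also still a prefix match: any name that starts with an allowed entry followed by whitespace and arbitrary further text is accepted. If the entries in `valid_cert_names` (not visible here) are complete subject names, `strcmp(signature_name, valid_cert_names[i]) == 0` would be the tighter test. The diff shows no `<ctype.h>` include being added to src/pki.c, so confirm `isspace` is declared there. ValidateSignature starts and ends outside this hunk.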