Invalid signatures when running apt-get update

As Gilles explained, most Linux repositories are signed with GPG encryption keys. apt then uses these keys to ensure the authenticity of the repositories. In order to safely use a repository, you need to add it's keys to the list that apt considers trusted.

Each necessary key needs to be downloaded from a key server which is done with this command (I am using keyserver.ubuntu.com but you can use others):

apt-key adv --recv-keys --keyserver keyserver.ubuntu.com KEY_NAME

From man apt-key:

   adv
       Pass advanced options to gpg. With adv --recv-key you can download
       the public key.

In your case, apt is complaining about keys 3EE67F3D0FF405B2,40976EAF437D05B5,40976EAF437D05B5 and 5A9A06AEF9CB8DB0, you can get all three of them by running:

sudo apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 3EE67F3D0FF405B2 40976EAF437D05B5 40976EAF437D05B5 5A9A06AEF9CB8DB0

If all goes well you should see various lines of output including:

gpg: Total number processed: 4
gpg:               imported: 4  (RSA: 1)
gpg:              unchanged: 0
gpg:         new signatures: 4

Alternate possibility, if your apt-get/aptitude has been found in an unusual state recently, is that its internal lists are damaged and incompatible with the true keys. Cleaning the cache and restarting on fresh basis can help:

   sudo rm -r /var/lib/apt/lists
   sudo mkdir -p /var/lib/apt/lists/partial
   sudo aptitude update

(op: http://ubuntuforums.org/showthread.php?t=802156&p=9697234#post9697234 )