[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Cryptography] CA reseller emails 23, 000 client private keys to parent CA

I wrote:

>In case anyone missed this, CA reseller Trustico recently emailed 23,000 of
>its client's private keys that it generated and held for them to the CA that
>issues certificates for it.

It's now been pointed out that the server they were using to do this is
vulnerable to remote code exec as root.  For people who aren't doing so
already, this is definitely a soap opera worth following.

The cryptography mailing list
cryptography AT metzdowd.com