RE: New certificate from compromised key

2018-08-17 Thread Jeremy Rowley via dev-security-policy
Thanks. We've revoked the cert and are looking into what happened and will post 
more information as we figure out what happened.  


-----Original Message-----
From: dev-security-policy On Behalf Of Hanno Böck via dev-security-policy
Sent: Friday, August 17, 2018 7:16 PM
To: dev-security-policy@lists.mozilla.org
Subject: New certificate from compromised key

Hi,

Some of you may remember the discussion about embedded private keys in 
Blizzard's battle.net software here:
https://groups.google.com/forum/#!msg/mozilla.dev.security.policy/pk039T_wPrI/VYi629oGCwAJ

One of the certificates with a compromised key back then was issued by
Digicert:
https://crt.sh/?id=287530764

I noticed that a new certificate for a different domain, but with that same 
private key has been issued:
https://crt.sh/?id=638323656

I tried to report it to rev...@digicert.com - but that address was replying 
with an error message...

--
Hanno Böck
https://hboeck.de/

mail/jabber: ha...@hboeck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy




New certificate from compromised key

2018-08-17 Thread Hanno Böck via dev-security-policy
Hi,

Some of you may remember the discussion about embedded private keys in
Blizzard's battle.net software here:
https://groups.google.com/forum/#!msg/mozilla.dev.security.policy/pk039T_wPrI/VYi629oGCwAJ

One of the certificates with a compromised key back then was issued by
Digicert:
https://crt.sh/?id=287530764

I noticed that a new certificate for a different domain, but with that
same private key has been issued:
https://crt.sh/?id=638323656

I tried to report it to rev...@digicert.com - but that address was
replying with an error message...

-- 
Hanno Böck
https://hboeck.de/

mail/jabber: ha...@hboeck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42