Re: SSL private key for *.alipcsec.com embedded in PC client executables

2018-12-10 Thread Mark Steward via dev-security-policy
This time it's just hanging around in memory, no need to do anything about the anti-debug. $ openssl x509 -noout -modulus -in 300288180.crt|md5sum f423a009387fb7a306673b517ed4f163 - $ openssl rsa -noout -modulus -in alibaba-localhost.key.pem|md5sum f423a009387fb7a306673b517ed4f163 - You can

Re: Certificates with shared private keys by gaming software (EA origin, Blizzard battle.net)

2017-12-29 Thread Mark Steward via dev-security-policy
On Mon, Dec 25, 2017 at 7:50 PM, Matthew Hardeman via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > Part of the trouble in relying upon the name alone is that on many OS's > (maybe all -- at least all the ones that matter for client side work) can > have localhost

Re: Certificates with shared private keys by gaming software (EA origin, Blizzard battle.net)

2017-12-29 Thread Mark Steward via dev-security-policy
I sent the key to Jeremy on Tuesday as Hanno suggested, and it was revoked at 9am the next morning. The encrypted private key information is only in memory during startup, so I identified that bit of code and broke into a debugger. You could pull the parameters out of OpenSSL's internals too.

Re: Certificates with shared private keys by gaming software (EA origin, Blizzard battle.net)

2017-12-25 Thread Mark Steward via dev-security-policy
On Mon, Dec 25, 2017 at 5:01 PM, Matthew Hardeman via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > On Monday, December 25, 2017 at 10:24:30 AM UTC-6, Hanno Böck wrote: > > On Mon, 25 Dec 2017 14:43:21 + > > Jeremy Rowley via dev-security-policy > >