On Thu, Apr 4, 2019 at 7:57 AM CERT Coordination Center
wrote:
> Thanks Rob!
>
> Actually, as I look at one of these cases:
>
> https://crt.sh/?spkisha256=8628d8106b72c39d98e8e731fc3b9364940efea0dfbb4816b1382542a979c834
>
> The latest certificate using the above key expires in just a few days.
>
Thanks Rob!
Actually, as I look at one of these cases:
https://crt.sh/?spkisha256=8628d8106b72c39d98e8e731fc3b9364940efea0dfbb4816b1382542a979c834
The latest certificate using the above key expires in just a few days.
But you can see the track record of the same private key being used
repeatedly
I've just created a batch for this second list on the Revocation Tracker:
https://misissued.com/batch/49/
On 03/04/2019 15:50, CERT Coordination Center wrote:
> Hi Wayne,
>
> Sorry about the delay in getting back to you. This first round of CA
> notifications went out at approximately 10AM East
Hi Wayne,
Sorry about the delay in getting back to you. This first round of CA
notifications went out at approximately 10AM Eastern time on March 25, 2019.
I just sent out a new set of notifications. This time the notifications
were limited only currently-valid certificates, as expired-cert
not
onday, March 25, 2019 8:44 PM
To: Rob Stradling
Cc: dev-security-policy@lists.mozilla.org; CERT Coordination Center
Subject: Re: CA-issued certificates for publicly-available private keys
VU#553544
Thank you for the report Will and for the tracking info Rob.
It appears that all but one of these
Thank you for the report Will and for the tracking info Rob.
It appears that all but one of these certificates is currently revoked, but
roughly 5 more weren't revoked until earlier today, which I assume was more
than 24 hours since they were reported to the CA.
Will: can you share an approximate
I've just created a batch for this list on the Revocation Tracker:
https://misissued.com/batch/47/
On 22/03/2019 19:05, CERT Coordination Center via dev-security-policy wrote:
> Hi folks,
>
> I'm sharing this information with this list per suggestion of Hanno
> Böck. Some time ago we started lo
Hi folks,
I'm sharing this information with this list per suggestion of Hanno
Böck. Some time ago we started looking at private keys that are
included with Android apps that are publicly available in the Google
Play store. Some subset of these keys have been used to obtain
certificates from CAs
8 matches
Mail list logo