> Cc: Alex Cohn ; summern1...@gmail.com; mozilla-
> dev-security-policy@lists.mozilla.org; #SSL_ABUSE
>
> Subject: Re: localhost.megasyncloopback.mega.nz private key in client
>
> On Sun, 5 Aug 2018 15:23:42 -0500
> Alex Cohn via dev-security-policy
> wrote:
>
> >
018 10:26 AM
> To: r...@sleevi.com
> Cc: Alex Cohn ; mozilla-dev-security-
> pol...@lists.mozilla.org; ha...@hboeck.de; ssl_ab...@comodoca.com;
> summern1...@gmail.com
> Subject: RE: localhost.megasyncloopback.mega.nz private key in client
>
> Yup, it was Mozilla polic
:15 AM
To: Tim Hollebeek
Cc: Alex Cohn ; ha...@hboeck.de;
mozilla-dev-security-pol...@lists.mozilla.org; ssl_ab...@comodoca.com;
summern1...@gmail.com
Subject: Re: localhost.megasyncloopback.mega.nz private key in client
Unfortunately, that's not correct. The CA/Browser Forum has passed
: Re: localhost.megasyncloopback.mega.nz private key in client
On Thu, 9 Aug 2018 13:24:48 +
Jay Wilson via dev-security-policy
wrote:
> The certificate has been revoked.
> The bounce issue has been escalated to resolve.
Really?
$ ocspverify 630835231.crt
Response verify OK
630835231.crt: good
This Update: Aug 4 15:34:50 2018 GMT
> -Tim
> >
> > > -Original Message-
> > > From: dev-security-policy <
> dev-security-policy-boun...@lists.mozilla.org>
> > On
> > > Behalf Of Alex Cohn via dev-security-policy
> > > Sent: Wednesday, August 8, 2018 4:01 PM
> > > T
ev-security-pol...@lists.mozilla.org>;
> ssl_ab...@comodoca.com<mailto:ssl_ab...@comodoca.com>;
> summern1...@gmail.com<mailto:summern1...@gmail.com>
> Subject: Re:
> localhost.megasyncloopback.mega.nz<http://localhost.megasyncloopback.mega.nz>
> private key in cl
: localhost.megasyncloopback.mega.nz private key in client
On Wed, Aug 8, 2018 at 9:17 AM Hanno Böck
mailto:ha...@hboeck.de>> wrote:
As of today this is still unrevoked:
https://crt.sh/?id=630835231=ocsp
Given Comodo's abuse contact was CCed in this mail I assume they knew
about this since Sunday. Thus we're way past
> From: dev-security-policy
> On
> > Behalf Of Alex Cohn via dev-security-policy
> > Sent: Wednesday, August 8, 2018 4:01 PM
> > To: ha...@hboeck.de
> > Cc: mozilla-dev-security-pol...@lists.mozilla.org;
> ssl_ab...@comodoca.com;
> > summern1...@gmail.com
> > Su
curity-policy On
> Behalf Of Alex Cohn via dev-security-policy
> Sent: Wednesday, August 8, 2018 4:01 PM
> To: ha...@hboeck.de
> Cc: mozilla-dev-security-pol...@lists.mozilla.org; ssl_ab...@comodoca.com;
> summern1...@gmail.com
> Subject: Re: localhost.megasyncloopback.mega.
On Wed, Aug 8, 2018 at 9:17 AM Hanno Böck wrote:
>
> As of today this is still unrevoked:
> https://crt.sh/?id=630835231=ocsp
>
> Given Comodo's abuse contact was CCed in this mail I assume they knew
> about this since Sunday. Thus we're way past the 24 hour in which they
> should revoke it.
>
>
On Sun, 5 Aug 2018 15:23:42 -0500
Alex Cohn via dev-security-policy
wrote:
> The certificate [1] in the GitHub link you posted was issued by
> Comodo, not by GeoTrust. The two share a private key, though, so both
> the Comodo and GeoTrust certs should be considered compromised at
> this point.
The certificate [1] in the GitHub link you posted was issued by Comodo, not
by GeoTrust. The two share a private key, though, so both the Comodo and
GeoTrust certs should be considered compromised at this point. I've added
the Comodo-issued cert to several CT logs for tracking, and I'm CCing
Hello Ben,
Thanks for your fast response and help.
After a bit of research I also found the source with the key:
https://github.com/meganz/MEGAsync/blob/master/src/MEGASync/control/Preferences.cpp
As it is public I think it should not be a problem to post it here.
Best Regards
Norbert
v-security-policy
On Behalf
Of summern1538--- via dev-security-policy
Sent: Thursday, August 2, 2018 4:06 AM
To: mozilla-dev-security-pol...@lists.mozilla.org
Subject: localhost.megasyncloopback.mega.nz private key in client
Hello everyone,
I'm not sure where to report this issue, this is my first cert issue report.
I tried to report it to GeoTrust, but they don't know about this domain.
Reply from GeoTrust
> Good day,
>
> Thank you very much for the friendly request.
>
> Unfortunately I was not able to find