RE: localhost.megasyncloopback.mega.nz private key in client

2018-08-09 Thread Robin Alden via dev-security-policy
> Cc: Alex Cohn ; summern1...@gmail.com; mozilla- > dev-security-policy@lists.mozilla.org; #SSL_ABUSE > > Subject: Re: localhost.megasyncloopback.mega.nz private key in client > > On Sun, 5 Aug 2018 15:23:42 -0500 > Alex Cohn via dev-security-policy > wrote: > > >

RE: localhost.megasyncloopback.mega.nz private key in client

2018-08-09 Thread Tim Hollebeek via dev-security-policy
018 10:26 AM > To: r...@sleevi.com > Cc: Alex Cohn ; mozilla-dev-security- > pol...@lists.mozilla.org; ha...@hboeck.de; ssl_ab...@comodoca.com; > summern1...@gmail.com > Subject: RE: localhost.megasyncloopback.mega.nz private key in client > > Yup, it was Mozilla polic

RE: localhost.megasyncloopback.mega.nz private key in client

2018-08-09 Thread Tim Hollebeek via dev-security-policy
:15 AM To: Tim Hollebeek Cc: Alex Cohn ; ha...@hboeck.de; mozilla-dev-security-pol...@lists.mozilla.org; ssl_ab...@comodoca.com; summern1...@gmail.com Subject: Re: localhost.megasyncloopback.mega.nz private key in client Unfortunately, that's not correct. The CA/Browser Forum has passed

RE: localhost.megasyncloopback.mega.nz private key in client

2018-08-09 Thread Jay Wilson via dev-security-policy
: Re: localhost.megasyncloopback.mega.nz private key in client On Thu, 9 Aug 2018 13:24:48 + Jay Wilson via dev-security-policy wrote: > The certificate has been revoked. > The bounce issue has been escalated to resolve. Really? $ ocspverify 630835231.crt Response verify OK 6308352

Re: localhost.megasyncloopback.mega.nz private key in client

2018-08-09 Thread Hanno Böck via dev-security-policy
On Thu, 9 Aug 2018 13:24:48 + Jay Wilson via dev-security-policy wrote: > The certificate has been revoked. > The bounce issue has been escalated to resolve. Really? $ ocspverify 630835231.crt Response verify OK 630835231.crt: good This Update: Aug 4 15:34:50 2018 GMT

Re: localhost.megasyncloopback.mega.nz private key in client

2018-08-09 Thread Wayne Thayer via dev-security-policy
> -Tim > > > > > -Original Message- > > > From: dev-security-policy < > dev-security-policy-boun...@lists.mozilla.org> > > On > > > Behalf Of Alex Cohn via dev-security-policy > > > Sent: Wednesday, August 8, 2018 4:01 PM > > > T

RE: localhost.megasyncloopback.mega.nz private key in client

2018-08-09 Thread Jay Wilson via dev-security-policy
ev-security-pol...@lists.mozilla.org>; > ssl_ab...@comodoca.com<mailto:ssl_ab...@comodoca.com>; > summern1...@gmail.com<mailto:summern1...@gmail.com> > Subject: Re: > localhost.megasyncloopback.mega.nz<http://localhost.megasyncloopback.mega.nz> > private key in cl

RE: localhost.megasyncloopback.mega.nz private key in client

2018-08-09 Thread Jay Wilson via dev-security-policy
: localhost.megasyncloopback.mega.nz private key in client On Wed, Aug 8, 2018 at 9:17 AM Hanno Böck mailto:ha...@hboeck.de>> wrote: As of today this is still unrevoked: https://crt.sh/?id=630835231=ocsp Given Comodo's abuse contact was CCed in this mail I assume they knew about this since Sunday. Thus we're way past

Re: localhost.megasyncloopback.mega.nz private key in client

2018-08-09 Thread Ryan Sleevi via dev-security-policy
> From: dev-security-policy > On > > Behalf Of Alex Cohn via dev-security-policy > > Sent: Wednesday, August 8, 2018 4:01 PM > > To: ha...@hboeck.de > > Cc: mozilla-dev-security-pol...@lists.mozilla.org; > ssl_ab...@comodoca.com; > > summern1...@gmail.com > > Su

RE: localhost.megasyncloopback.mega.nz private key in client

2018-08-09 Thread Tim Hollebeek via dev-security-policy
curity-policy On > Behalf Of Alex Cohn via dev-security-policy > Sent: Wednesday, August 8, 2018 4:01 PM > To: ha...@hboeck.de > Cc: mozilla-dev-security-pol...@lists.mozilla.org; ssl_ab...@comodoca.com; > summern1...@gmail.com > Subject: Re: localhost.megasyncloopback.mega.

Re: localhost.megasyncloopback.mega.nz private key in client

2018-08-08 Thread Alex Cohn via dev-security-policy
On Wed, Aug 8, 2018 at 9:17 AM Hanno Böck wrote: > > As of today this is still unrevoked: > https://crt.sh/?id=630835231=ocsp > > Given Comodo's abuse contact was CCed in this mail I assume they knew > about this since Sunday. Thus we're way past the 24 hour in which they > should revoke it. > >

Re: localhost.megasyncloopback.mega.nz private key in client

2018-08-08 Thread Hanno Böck via dev-security-policy
On Sun, 5 Aug 2018 15:23:42 -0500 Alex Cohn via dev-security-policy wrote: > The certificate [1] in the GitHub link you posted was issued by > Comodo, not by GeoTrust. The two share a private key, though, so both > the Comodo and GeoTrust certs should be considered compromised at > this point.

Re: localhost.megasyncloopback.mega.nz private key in client

2018-08-05 Thread Alex Cohn via dev-security-policy
The certificate [1] in the GitHub link you posted was issued by Comodo, not by GeoTrust. The two share a private key, though, so both the Comodo and GeoTrust certs should be considered compromised at this point. I've added the Comodo-issued cert to several CT logs for tracking, and I'm CCing

Re: localhost.megasyncloopback.mega.nz private key in client

2018-08-02 Thread summern1538--- via dev-security-policy
Hello Ben, Thanks for your fast response and help. After a bit research I also found the source with the key: https://github.com/meganz/MEGAsync/blob/master/src/MEGASync/control/Preferences.cpp As it is public I think it should not be problem to post it here. Best Regards Norbert

RE: localhost.megasyncloopback.mega.nz private key in client

2018-08-02 Thread Ben Wilson via dev-security-policy
v-security-policy On Behalf Of summern1538--- via dev-security-policy Sent: Thursday, August 2, 2018 4:06 AM To: mozilla-dev-security-pol...@lists.mozilla.org Subject: localhost.megasyncloopback.mega.nz private key in client Hello everyone, I'm not sure where to report this issue, this is my

localhost.megasyncloopback.mega.nz private key in client

2018-08-02 Thread summern1538--- via dev-security-policy
Hello everyone, I'm not sure where to report this issue, this is my first cert issue report. I tried to report it to GeoTrust, but they don't know about this domain. Reply from GeoTrust > Good day, > > Thank you very much for the friendly request. > > Unfortunately I was not able to find