Métaphysicien Douteux · @metaphys
172 followers · 1929 posts · Server framapiaf.orghttps://arstechnica.com/information-technology/2018/03/trustico-website-goes-dark-after-someone-drops-critical-flaw-on-twitter/?comments=1&post=34905947&mode=quote
https://mobile.twitter.com/Manawyrm/status/969230542578348033
Oh putain il y a du rab ! :blobaww: #trustico #infosys #securité #ssl #certificate
#trustico #infosys #securité #ssl #certificate
CULTPONY :verified: :verified: · @cult
459 followers · 943 posts · Server pony.social
https://pony.social/media/BqAnFzwVM_wWxo9L2eI
I found #trustico 's secret stash!
lizard appreciator · @bonzoesc
480 followers · 15871 posts · Server m.bonzoesc.net
jomo · @jomo
1509 followers · 4753 posts · Server mstdn.io
jomo · @jomo
1509 followers · 4753 posts · Server mstdn.ioGET YOUR POPCORN READY #digicert #trustico https://www.mail-archive.com/dev-security-policy@lists.mozilla.org/msg09397.html
jomo · @jomo
1509 followers · 4753 posts · Server mstdn.ioMy guess is #trustico's server side generated private keys were permanently stored, badly secured and have now been compromised. I wonder how many lazy admins of large websites used this service.
jomo · @jomo
1509 followers · 4753 posts · Server mstdn.io
So #trustico sent 23k private keys to DigiCert to get the corresponding certificates revoked. I wonder where they got the private keys from? 🤪