1w6 uRPG 1w6 uRPG
  • Login
  • Public

    • Public
    • Groups
    • Popular
    • Directory

https://sn.1w6.org/file/dethos-20180303T235927-46tqqbu.html

https://sn.1w6.org/file/dethos-20180303T235927-46tqqbu.html

Not sure what is more shocking:

A CA having 23k private keys of their customer's certs and the CEO emailing them: http://blog.koehntopp.info/index.php/3075-how-not-to-run-a-ca/

A CA having a website which allows RCE as root, from a website input: https://arstechnica.com/information-technology/2018/03/trustico-website-goes-dark-after-someone-drops-critical-flaw-on-twitter/

I'm just speechless.

#security #infosec #netsec

Notices where this attachment appears

  1. dethos dethos

    Not sure what is more shocking:A CA having 23k private keys of their customer's certs and the CEO emailing them: http://blog.koehntopp.info/index.php/3075-how-not-to-run-a-ca/A CA having a website which allows RCE as root, from a …

    Friday, 02-Mar-18 02:11:31 UTC
  • Help
  • About
  • FAQ
  • TOS
  • Privacy
  • Source
  • Version
  • Contact

1w6 uRPG is a microblogging service brought to you by Arne (Drak) Babenhauserheide. It runs the StatusNet microblogging software, version 1.1.1-release, available under the GNU Affero General Public License. The running version includes the patches from draketo.de/proj/statusnet-patches.

Creative Commons Attribution 3.0 All 1w6 uRPG content and data are available under the Creative Commons Attribution 3.0 license.