Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://infosec.exchange/users/badkeys/statuses/113544387907892087">badkeys (badkeys@infosec.exchange)'s status on Tuesday, 26-Nov-2024 18:51:42 JST</a><a href="https://infosec.exchange/@badkeys" title="badkeys@infosec.exchange"><img src="https://gnusocial.jp/avatar/300377-48-20241126095142.webp" width="48" height="48" alt="badkeys" style="position: absolute; left: 0; top: 0;">badkeys</a></section><article><p>I discovered a certificate using a "public private key", in this case a key that is part of OpenSSL's test suite. This would not necessarily be a particularly interesting event. It happens every now and then that people use private keys they find on the Internet, likely due to a lack of understanding of public key cryptography. I usually report them for revocation, and move on. However, this one is a bit more unusual. It has been issued by the CA Digicert - for a domain owned by Digicert. <a href="https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/d21mtDJ7YXQ" rel="nofollow noreferrer">https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/d21mtDJ7YXQ</a></p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/4072290#notice-7957665">In conversation</a><time datetime="2024-11-26T18:51:42+09:00" title="Tuesday, 26-Nov-2024 18:51:42 JST">about 5 months ago</time> <span>from <span><a href="https://infosec.exchange/@badkeys/113544387907892087" rel="external" title="Sent from infosec.exchange via ActivityPub">infosec.exchange</a></span></span><a href="https://infosec.exchange/@badkeys/113544387907892087">permalink</a><h4>Attachments</h4><ol><li><article><header><div>No result found on File_thumbnail lookup.</div><h5><a href="https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/d21mtDJ7YXQ">Certificate with compromised key / *.digicert-demo.com</a></h5><div></div></header><div></div><footer></footer></article></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
badkeys (badkeys@infosec.exchange)'s status on Tuesday, 26-Nov-2024 18:51:42 JST badkeys
I discovered a certificate using a "public private key", in this case a key that is part of OpenSSL's test suite. This would not necessarily be a particularly interesting event. It happens every now and then that people use private keys they find on the Internet, likely due to a lack of understanding of public key cryptography. I usually report them for revocation, and move on. However, this one is a bit more unusual. It has been issued by the CA Digicert - for a domain owned by Digicert. https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/d21mtDJ7YXQ
In conversationabout 5 months ago from infosec.exchangepermalink
Attachments
1. No result found on File_thumbnail lookup.
  Certificate with compromised key / *.digicert-demo.com

Public

Embed Notice

HTML Code

Corresponding Notice