[Cryptography] Sony "root" certificates exposed
Erwann ABALEA
erwann at abalea.com
Mon Dec 15 16:26:45 EST 2014
2014-12-15 16:02 GMT+01:00 Henry Baker <hbaker1 at pipeline.com>:
>
> FYI --
>
>
> http://arstechnica.com/security/2014/12/hackers-promise-christmas-present-sony-pictures-wont-like/
> [...]
> Also among the spoils in one of last week’s file dumps was a Sony Corp. CA
> 2 “root” certificate—-a digital certificate issued by Sony’s corporate
> certificate authority to Sony Pictures to be used in creating server
> certificates for Sony’s Information Systems Service (ISS) infrastructure.
> This may have been used to create the Sony Pictures certificate that was
> used to sign a later version of the malware that took the company’s
> computers offline.
Has the private key of the corresponding certificate leaked? If not, that's
no big deal, a certificate is public by nature.
--
Erwann.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20141215/28b1228f/attachment.html>
More information about the cryptography
mailing list