[Cryptography] Sony "root" certificates exposed

Peter Gutmann pgut001 at cs.auckland.ac.nz
Mon Dec 15 16:59:53 EST 2014

Henry Baker <hbaker1 at pipeline.com> quotes:

>There were also certificates for a JP Morgan Chase electronic corporate 
>banking application, SSL certificates for sites including the Sony Pictures 
>Store e-commerce site, and other certificates associated with intranet 
>servers and other infrastructure from multiple telecommunications providers.

The Ars story confuses certificates and keys, for example in the second 
picture they show (and highlight the names of) certificates for GTE Cybertrust 
Global Root and JP Morgan, US, which it's unlikely that Sony have the private 
keys for.  I can do something similar to what's shown in the story by going to 
(for example) https://account.sonyentertainmentnetwork.com/ and clicking on 
the padlock icon.
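
The certificate-versus-key distinction drawn above, as an added example that is not part of the original message: a triage pass over PEM material from a file dump that separates public certificates (obtainable by anyone who connects to the server) from private keys, the only items whose exposure calls for revocation. The function names, verdict strings and sample data are assumptions made for this illustration.

```python
import base64
import re

# PEM labels that hold secret key material, versus labels that are public data.
PRIVATE = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY",
           "DSA PRIVATE KEY", "ENCRYPTED PRIVATE KEY"}
PUBLIC = {"CERTIFICATE", "TRUSTED CERTIFICATE", "CERTIFICATE REQUEST",
          "PUBLIC KEY", "RSA PUBLIC KEY", "X509 CRL"}
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

# Constructed sample: every body is a 5-byte dummy DER value, not a real key or cert.
SAMPLE = """\
-----BEGIN CERTIFICATE-----
MAMCAQA=
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED

MAMCAQA=
-----END RSA PRIVATE KEY-----
-----BEGIN PRIVATE KEY-----
MAMCAQA=
-----END PRIVATE KEY-----
"""

def classify_pem(text):
    """Return one (label, verdict) pair for each PEM block found in text."""
    results = []
    for label, body in PEM_BLOCK.findall(text):
        lines = [ln.strip() for ln in body.strip().splitlines()]
        # Legacy OpenSSL key files put RFC 1421 headers before the base64 payload.
        legacy_enc = any(ln.startswith("Proc-Type:") and "ENCRYPTED" in ln for ln in lines)
        payload = "".join(ln for ln in lines if ":" not in ln)
        try:
            der = base64.b64decode(payload, validate=True)
        except ValueError:
            der = b""
        if not der or (der[0] != 0x30 and not legacy_enc):
            verdict = "malformed"  # not base64, or not a DER SEQUENCE
        elif label in PRIVATE:
            encrypted = legacy_enc or label == "ENCRYPTED PRIVATE KEY"
            verdict = "private-key-encrypted" if encrypted else "private-key"
        else:
            verdict = "public" if label in PUBLIC else "unknown"
        results.append((label, verdict))
    return results

def exposed_keys(text):
    """Labels of the blocks that contain private key material, encrypted or not."""
    return [lbl for lbl, v in classify_pem(text) if v.startswith("private-key")]
```

A block classified as `public` only shows that someone holds a copy of the certificate; it says nothing about who holds the matching private key.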


