[Cryptography] Sony "root" certificates exposed
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Mon Dec 15 16:59:53 EST 2014
Henry Baker <hbaker1 at pipeline.com> quotes:
>There were also certificates for a JP Morgan Chase electronic corporate
>banking application, SSL certificates for sites including the Sony Pictures
>Store e-commerce site, and other certificates associated with intranet
>servers and other infrastructure from multiple telecommunications providers.
The Ars story confuses certificates and keys, for example in the second
picture they show (and highlight the names of) certificates for GTE Cybertrust
Global Root and JP Morgan, US, which it's unlikely that Sony have the private
keys for. I can do something similar to what's shown in the story by going to
(for example) https://account.sonyentertainmentnetwork.com/ and clicking on
the padlock icon.
Peter.
More information about the cryptography
mailing list