[Cryptography] Sony "root" certificates exposed

Phill hallam at gmail.com
Tue Dec 16 09:10:00 EST 2014

On Dec 15, 2014, at 10:09 PM, Tom Mitchell <mitch at niftyegg.com> wrote:

> On Mon, Dec 15, 2014 at 7:02 AM, Henry Baker <hbaker1 at pipeline.com> wrote:
> FYI --
> ......
> GoP had details on every server and PC, as well as SPE’s “root” certificate.
> Is there any evidence that new certificates have been generated and issued.
> It seems that this is a prudent step.

We don’t know if there was a breach yet.

The certificates aren’t published but they are not secret. They are used on the public network and were visible before the attack.

If the private key was compromised or the CA was breached and caused to mis-issue, that is a completely different ball game.

It isn’t unusual for hackers to tell reporters that they have committed more serious attacks than they have. We once had a hardware failure at www.whitehouse.gov. I know it was a hardware failure because I had the sysop call me to ask if we had a spare router he could borrow (this was back in the days before you could walk into a store and buy one). In the meantime a gang of pro-Serb hactivists knocked over a few other sites then called a journalist at wired claiming they had hacked the whitehouse.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20141216/aa5c784a/attachment.html>

More information about the cryptography mailing list