> The code injection occurred on an interface they had to check the
> certificate of an arbitrary server. When was used, the
> trustico.com certificate was returned. That means the local web server
> was handling TLS, not a remote load balancer solution (unless somehow
> was forwarding to a remote host, which doesn't really make any
> sense).
> --
> Hector Martin "marcan" (mar...@marcan.st)
> Public Key: https://mrcn.st/pub

Did *anyone* capture this information in a way that can be proven?

While I personally would not trust any content from either hostname, the
Twitter post referenced earlier is not sufficient proof of key compromise.
dev-security-policy mailing list

Reply via email to