[cryptography] Misuses/abuses of Sony's compromised root certificate?
Has anyone come across any reports of abuse due to Sony's compromised root? I believe its named Sony Corp. CA 2 Root? I did not find it in the Windows 8.1 certificate store. Are any of the browsers carrying it around? ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] Misuses/abuses of Sony's compromised root certificate?
Well, yes and no https://securelist.com/blog/security-policies/68073/destover-malware-now-digitally-signed-by-sony-certificates/ This particular incident may have been a joke, but there are rumors (on closed lists) of it being seen in the wild... W On Wed, Dec 17, 2014 at 3:41 PM, Jeffrey Walton noloa...@gmail.com wrote: Has anyone come across any reports of abuse due to Sony's compromised root? I believe its named Sony Corp. CA 2 Root? I did not find it in the Windows 8.1 certificate store. Are any of the browsers carrying it around? ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography -- I don't think the execution is relevant when it was obviously a bad idea in the first place. This is like putting rabid weasels in your pants, and later expressing regret at having chosen those particular rabid weasels and that pair of pants. ---maf ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] Misuses/abuses of Sony's compromised root certificate?
2014-12-17 21:41 GMT+01:00 Jeffrey Walton noloa...@gmail.com: Has anyone come across any reports of abuse due to Sony's compromised root? I believe its named Sony Corp. CA 2 Root? I did not find it in the Windows 8.1 certificate store. Are any of the browsers carrying it around? Since Vista, you'll only find on your store the root certificates you've encountered. Just checked in the official list, there's no Windows trusted root certificate named *sony*. -- Erwann. ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] Misuses/abuses of Sony's compromised root certificate?
Pretty sure it's an internal root certificate to the Sony corporation. On Wed, Dec 17, 2014 at 1:19 PM, Erwann Abalea eaba...@gmail.com wrote: 2014-12-17 21:41 GMT+01:00 Jeffrey Walton noloa...@gmail.com: Has anyone come across any reports of abuse due to Sony's compromised root? I believe its named Sony Corp. CA 2 Root? I did not find it in the Windows 8.1 certificate store. Are any of the browsers carrying it around? Since Vista, you'll only find on your store the root certificates you've encountered. Just checked in the official list, there's no Windows trusted root certificate named *sony*. -- Erwann. ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
