Re: When are public applications embedding certificates pointing to 127.0.0.1 OK?

2017-06-20 Thread Koen Rouwhorst via dev-security-policy
For your information: I have reported this issue to Spotify on Monday (yesterday) through their official vulnerability disclosure channel (HackerOne). The (not-yet-public) issue was assigned ID 241222. In the report I have included all the necessary (technical) details, including citations of the

Private key corresponding to public key in trusted Cisco certificate embedded in executable

2017-06-18 Thread Koen Rouwhorst via dev-security-policy
Hi all, Last weekend, in an attempt to get Sky's NOW TV video player (for Mac) to work on my machine, I noticed that one of the Cisco executables contains a private key that is associated with the public key in a trusted certificate for a cisco.com subdomain (drmlocal.cisco