Just came across the following Phishing site which is using a StartCom cert:
hXXps://serviices-intl.com/webapps/6fa9b/websrc On 11/2/16, 6:32 PM, "dev-security-policy on behalf of Itzhak Daniel" <dev-security-policy-bounces+rkogan=trustwave....@lists.mozilla.org on behalf of itk98...@gmail.com> wrote: >On Wednesday, November 2, 2016 at 5:22:30 PM UTC+2, Gervase Markham wrote: >> Hi Daniel, >> >> On 02/11/16 14:11, Itzhak Daniel wrote: >> As far as the DigiCert certs go, it is far too early to have an opinion >> on what Mozilla is or isn't doing. > >I have to agree, the time span is too short (at least they didn't backdate). > >> I'm not sure what you mean by "ignoring Mozilla Security Community". I >> am happy with the level of communication by Comodo about their incident. > >AFAIK they didn't include the TLD '.re' in their incident report [1] (the >certificate was probably issued on Jun 30th, 2014; Google CT 1st seen >timestamp: 2014-07-02 14:54:54 GMT [2]), they had the same mistake before the >'sb' incident, but did/do not acknowledge it officially [3]. > >Links, >1. >https://scanmail.trustwave.com/?c=4062&d=sZWa2NJm1b7zf0w12nNA5JOUrTfLuNXQPooKM1C0fA&s=5&u=https%3a%2f%2fwww%2email-archive%2ecom%2fdev-security-policy%40lists%2emozilla%2eorg%2fmsg04274%2ehtml >2. >https://scanmail.trustwave.com/?c=4062&d=sZWa2NJm1b7zf0w12nNA5JOUrTfLuNXQPtwOMQDifg&s=5&u=https%3a%2f%2fcrt%2esh%2f%3fid%3d4467456 >3. >https://scanmail.trustwave.com/?c=4062&d=sZWa2NJm1b7zf0w12nNA5JOUrTfLuNXQPtpZZQXtKA&s=5&u=https%3a%2f%2fgroups%2egoogle%2ecom%2fforum%2f%23%21topic%2fmozilla%2edev%2esecurity%2epolicy%2fLQSrnPv2qOo >_______________________________________________ >dev-security-policy mailing list >dev-security-policy@lists.mozilla.org >https://scanmail.trustwave.com/?c=4062&d=sZWa2NJm1b7zf0w12nNA5JOUrTfLuNXQPtpZZ1bsJg&s=5&u=https%3a%2f%2flists%2emozilla%2eorg%2flistinfo%2fdev-security-policy ________________________________ This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy