[cryptography] Misuses/abuses of Sony's compromised root certificate?

Warren Kumari warren at kumari.net
Wed Dec 17 16:01:18 EST 2014


Well, yes and no....

https://securelist.com/blog/security-policies/68073/destover-malware-now-digitally-signed-by-sony-certificates/

This particular incident may have been a "joke", but there are rumors
(on closed lists) of it being seen in the wild...


W

On Wed, Dec 17, 2014 at 3:41 PM, Jeffrey Walton <noloader at gmail.com> wrote:
> Has anyone come across any reports of abuse due to Sony's compromised
> root? I believe its named "Sony Corp. CA 2 Root"?
>
> I did not find it in the Windows 8.1 certificate store. Are any of the
> browsers carrying it around?
> _______________________________________________
> cryptography mailing list
> cryptography at randombit.net
> http://lists.randombit.net/mailman/listinfo/cryptography



-- 
I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.
   ---maf


More information about the cryptography mailing list