[SSL Observatory] SSL CA compromise in the wild
Jacob Appelbaum
jacob at appelbaum.net
Wed Mar 23 10:32:58 PDT 2011
On 03/23/2011 10:31 AM, Matt McCutchen wrote:
> On Wed, 2011-03-23 at 10:29 -0700, Jacob Appelbaum wrote:
>> On 03/23/2011 08:26 AM, Steve Schultze wrote:
>>> Hey Jacob, in your post you say:
>>>
>>> "Mozilla offered some additional information and disclosed that addons.mozilla.org was one of the certificates acquired by the attacker. "
>>>
>>> Where did they disclose that? I don't see it in their blog post.
>>>
>>> Nice work btw.
>>
>> They disclosed this in a bug report:
>> https://bugzilla.mozilla.org/show_bug.cgi?id=643056
>
> Which is not open to the public.
>
Yeah, isn't that interesting too?
I would mark the bug as public but I am not able to do so.
All the best,
Jacob
More information about the Observatory
mailing list