Friday, September 18, 2015

D-Link adds additional stuff to their open source firmware. The stuff happens to be their "private key" and the "pass phrases"



Apparently someone did not understand PKI-101.
Guard your private key. It is the one and only important key to the kingdom that it is supposed to protect.
Good news is that the cert expired on 09/03.


From the Article
Private keys used to sign software published by D-Link were found in the company’s open source firmware packages. While it’s unknown whether the keys were used by malicious third parties, the possibility exists that they could have been used by a hacker to sign malware, making it much easier to execute attacks.

The reader found not only the private keys, but also passphrases needed to sign the software. 

The D-Link cert was published on Feb. 27 and was exposed more than six months before it expired Sept. 3.

For More Info
https://threatpost.com/d-link-accidentally-leaks-private-code-signing-keys/114727/
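A pre-release check for the failure described above: this added example (not code from D-Link or from the article) walks a source tree before it is published and fails if it finds private key material. Encrypted keys are flagged too, because here the passphrases shipped alongside them. The function names, the extension list and the sample tree are assumptions made for illustration.

```python
import re
import sys
import tempfile
from pathlib import Path

# PEM armor for PKCS#1, PKCS#8 (plain and encrypted), EC, DSA and OpenSSH private keys.
PEM_PRIVATE = re.compile(rb"-----BEGIN (?:(?:RSA|EC|DSA|OPENSSH|ENCRYPTED) )?PRIVATE KEY-----")
# Binary key containers have no text marker to match, so they are flagged by extension.
KEY_CONTAINER_EXT = {".pfx", ".p12", ".pvk", ".jks"}


def scan_tree(root):
    """Return sorted (relative_path, reason) findings for key material under root."""
    findings = []
    for path in Path(root).rglob("*"):
        if not path.is_file() or path.is_symlink():
            continue
        rel = path.relative_to(root).as_posix()
        if path.suffix.lower() in KEY_CONTAINER_EXT:
            findings.append((rel, "key container file"))
            continue
        try:
            data = path.read_bytes()
        except OSError:
            # Do not let an unreadable file pass the gate silently.
            findings.append((rel, "unreadable, review manually"))
            continue
        if PEM_PRIVATE.search(data):
            findings.append((rel, "PEM private key block"))
    return sorted(findings)


def demo():
    """Scan a constructed tree; file names and key bodies are dummy sample data."""
    with tempfile.TemporaryDirectory() as tmp:
        tree = Path(tmp)
        (tree / "build" / "sign").mkdir(parents=True)
        (tree / "build" / "sign" / "release.pfx").write_bytes(b"\x30\x82\x00\x00")
        (tree / "build" / "sign" / "signer.pem").write_text(
            "-----BEGIN ENCRYPTED PRIVATE KEY-----\nCONSTRUCTED\n-----END ENCRYPTED PRIVATE KEY-----\n")
        (tree / "build" / "sign" / "cert.pem").write_text(
            "-----BEGIN CERTIFICATE-----\nCONSTRUCTED\n-----END CERTIFICATE-----\n")
        return scan_tree(tree)


if __name__ == "__main__":
    results = scan_tree(sys.argv[1]) if len(sys.argv) > 1 else demo()
    for rel, reason in results:
        print(f"{reason}: {rel}")
    sys.exit(1 if results else 0)
```

Run it against the directory that is about to be packaged; a non-zero exit status means the package should not be published until each finding is removed and the affected key is revoked and replaced.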
