Vulnerable self-signed root certificates: how many out here?

Since Dell computers shipped with a vulnerable root certificate containing the private key which can be extracted, it is not impossible that other manufacturers do so as well.

And like me, you maybe wonder if it's the case for smartphones too.
Adding this to my TODO list 😊: is there a CTS test for that, do apps exist already to verify all certificates installed on your phone.

#supercurioBlog #security

Dell apologizes for HTTPS certificate fiasco, provides removal tool | Ars Technica
Meanwhile, credential that posed man-in-the-middle threat found on SCADA system.

Source post on Google+

Published by

François Simond

Mobile engineer & analyst specialized in, display, camera color calibration, audio tuning

Leave a Reply