New certificate from compromised key

[Hanno Böck]

Hi,

Some of you may remember the discussion about embedded private keys in
Blizzard's battle.net software here:
https://groups.google.com/forum/#!msg/mozilla.dev.security.policy/pk039T_wPrI/VYi629oGCwAJ

One of the certificates with a compromised key back then was issued by
Digicert:
https://crt.sh/?id=287530764

I noticed that a new certificate for a different domain, but with that
same private key has been issued:
https://crt.sh/?id=638323656

I tried to report it to rev...@digicert.com - but that address was
replying with an error message...

--
Hanno Böck
https://hboeck.de/

mail/jabber: ha...@hboeck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42

[Jeremy Rowley]

Thanks. We've revoked the cert and are looking into what happened and will post more information as we figure out what happened.

-----Original Message-----
From: dev-security-policy <dev-security-...@lists.mozilla.org> On Behalf Of Hanno Böck via dev-security-policy
Sent: Friday, August 17, 2018 7:16 PM
To: dev-secur...@lists.mozilla.org
Subject: New certificate from compromised key

Hi,

Some of you may remember the discussion about embedded private keys in Blizzard's battle.net software here:

https://clicktime.symantec.com/a/1/XSDo7RID7Ms9aljAAOVAKoWLKhovvM_IrWUufr3rx9Y=?d=ixB7K8sQydENLDztiiH7GzNasNJEnDB7wpes6oH2tWqtBdDVXCNxgW2i1bbRkJqfnpl083l3TNcjtWxKIOnVAhGqcaj4ECVGiEq7QWlO6dCRNg4egXdTyDgqHswD4l2_m4Pxk9zUAmYUibMwcefQDsfGGz6sLG1gaRk6PE8ATedNDXFpHXXQ3X8tgqfhhFbzdbK-KZno6DvjAy2fbUKMeoLrt5-JYOYZ8bS3sc4T0z7px58X56Ui0evBkMsOMK0HcSsZX7KQrA-citRM46mkG2lfDnZe3y2yULYPaAArvERnDqmP0WXdYX-QSJiLrUhzXxwplePV8J5cbTa6HEa7_Jf0Ly9DeNwS5NbTtghxbRwAVERGDodw8HVrBfjCPyvF4SdS5kZhpMY%3D&u=https%3A%2F%2Fgroups.google.com%2Fforum%2F%23%21msg%2Fmozilla.dev.security.policy%2Fpk039T_wPrI%2FVYi629oGCwAJ

One of the certificates with a compromised key back then was issued by
Digicert:

https://clicktime.symantec.com/a/1/8QluDmhQ8mTJ30JiFIlP9Ea07fo7BeZ76x4vHiRQ4Es=?d=ixB7K8sQydENLDztiiH7GzNasNJEnDB7wpes6oH2tWqtBdDVXCNxgW2i1bbRkJqfnpl083l3TNcjtWxKIOnVAhGqcaj4ECVGiEq7QWlO6dCRNg4egXdTyDgqHswD4l2_m4Pxk9zUAmYUibMwcefQDsfGGz6sLG1gaRk6PE8ATedNDXFpHXXQ3X8tgqfhhFbzdbK-KZno6DvjAy2fbUKMeoLrt5-JYOYZ8bS3sc4T0z7px58X56Ui0evBkMsOMK0HcSsZX7KQrA-citRM46mkG2lfDnZe3y2yULYPaAArvERnDqmP0WXdYX-QSJiLrUhzXxwplePV8J5cbTa6HEa7_Jf0Ly9DeNwS5NbTtghxbRwAVERGDodw8HVrBfjCPyvF4SdS5kZhpMY%3D&u=https%3A%2F%2Fcrt.sh%2F%3Fid%3D287530764

I noticed that a new certificate for a different domain, but with that same private key has been issued:

https://clicktime.symantec.com/a/1/UztZ9c6dq7VDtqVztbSn0ztsSjdjchyTG87cjFnvYyc=?d=ixB7K8sQydENLDztiiH7GzNasNJEnDB7wpes6oH2tWqtBdDVXCNxgW2i1bbRkJqfnpl083l3TNcjtWxKIOnVAhGqcaj4ECVGiEq7QWlO6dCRNg4egXdTyDgqHswD4l2_m4Pxk9zUAmYUibMwcefQDsfGGz6sLG1gaRk6PE8ATedNDXFpHXXQ3X8tgqfhhFbzdbK-KZno6DvjAy2fbUKMeoLrt5-JYOYZ8bS3sc4T0z7px58X56Ui0evBkMsOMK0HcSsZX7KQrA-citRM46mkG2lfDnZe3y2yULYPaAArvERnDqmP0WXdYX-QSJiLrUhzXxwplePV8J5cbTa6HEa7_Jf0Ly9DeNwS5NbTtghxbRwAVERGDodw8HVrBfjCPyvF4SdS5kZhpMY%3D&u=https%3A%2F%2Fcrt.sh%2F%3Fid%3D638323656

I tried to report it to rev...@digicert.com - but that address was replying with an error message...

--
Hanno Böck

https://clicktime.symantec.com/a/1/RJ969RojJELZVkzGgzMk2SN78MqUTvCuXRkZHP0djk4=?d=ixB7K8sQydENLDztiiH7GzNasNJEnDB7wpes6oH2tWqtBdDVXCNxgW2i1bbRkJqfnpl083l3TNcjtWxKIOnVAhGqcaj4ECVGiEq7QWlO6dCRNg4egXdTyDgqHswD4l2_m4Pxk9zUAmYUibMwcefQDsfGGz6sLG1gaRk6PE8ATedNDXFpHXXQ3X8tgqfhhFbzdbK-KZno6DvjAy2fbUKMeoLrt5-JYOYZ8bS3sc4T0z7px58X56Ui0evBkMsOMK0HcSsZX7KQrA-citRM46mkG2lfDnZe3y2yULYPaAArvERnDqmP0WXdYX-QSJiLrUhzXxwplePV8J5cbTa6HEa7_Jf0Ly9DeNwS5NbTtghxbRwAVERGDodw8HVrBfjCPyvF4SdS5kZhpMY%3D&u=https%3A%2F%2Fhboeck.de%2F

mail/jabber: ha...@hboeck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
_______________________________________________
dev-security-policy mailing list
dev-secur...@lists.mozilla.org
https://clicktime.symantec.com/a/1/hc7xtvs26hqWeA42At7XWr7eeiDnWj1n6xCl__YKAGc=?d=ixB7K8sQydENLDztiiH7GzNasNJEnDB7wpes6oH2tWqtBdDVXCNxgW2i1bbRkJqfnpl083l3TNcjtWxKIOnVAhGqcaj4ECVGiEq7QWlO6dCRNg4egXdTyDgqHswD4l2_m4Pxk9zUAmYUibMwcefQDsfGGz6sLG1gaRk6PE8ATedNDXFpHXXQ3X8tgqfhhFbzdbK-KZno6DvjAy2fbUKMeoLrt5-JYOYZ8bS3sc4T0z7px58X56Ui0evBkMsOMK0HcSsZX7KQrA-citRM46mkG2lfDnZe3y2yULYPaAArvERnDqmP0WXdYX-QSJiLrUhzXxwplePV8J5cbTa6HEa7_Jf0Ly9DeNwS5NbTtghxbRwAVERGDodw8HVrBfjCPyvF4SdS5kZhpMY%3D&u=https%3A%2F%2Flists.mozilla.org%2Flistinfo%2Fdev-security-policy