Reply to post: Re: SSL Certificate now public

Superfish: Lenovo ditches adware, but that doesn't fix SSL megavuln – researcher

Daniel B.
Mushroom

Re: SSL Certificate now public

IT IS THE SAME ONE IN ALL CASES??

It seems to indeed be the case. The password protecting the PKCS8 Private Key package is the name for another product that does MITM stuff "to protect your children", the Private Key is part of the actual .exe and is extracted from the program's memory, its in PEM format, so I'm pretty sure it is the same one for everyone.

Hell, you don't even need to extract the key, there's a screenshot showing modulus, publicExponent, privateExponent, prime1 and prime2 out there. The horse has bolted. Someone will get burned.

Bad Lenovo! Bad Boy!

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019