Trivially exploitable MITM of all HTTPS traffic on machines with mandatory "beA" software installed. So just what you want on the laptops of every lawyer in Germany...
https://groups.google.com/forum/#!topic/mozilla.dev.security.policy/Cxw7YObzZEg …
HT @hanno
-
they ran a local https with that cert+key. so the key had to be in the software. details: https://www.golem.de/news/bea-bundesrechtsanwaltskammer-verteilt-https-hintertuere-1712-131845.html …
-
oooh, should've read more carefully. I assumed that they'd have separate keys and certs for the CA and the HTTPS server