Yesterday I was pointed to a directory on a website that appeared to contain certificates and private keys for the Safe Deposit Bank of Norway. pic.twitter.com/6wixbRHA6c
Dump them on Twitter and tag the respective CAs. The certs are already compromised. Public disclosure would surely be the fastest way to get them revoked.
This would still require a mapping from CA to Twitter handle. I currently have a list of 38 different CAs that need to be contacted in some way.
e.g., Given a list of http://crt.sh URIs like this, what's the path of least resistance to getting them revoked? I suppose scraping the http://crt.sh website wouldn't be too tricky. I'm just trying to prevent duplication of effort, though. pic.twitter.com/wcO43FbE3Y
a) check if already revoked or expired (obvious, just sayin), b) figure out what the root CA is (no easy automation I'm aware of), c) https://ccadb-public.secure.force.com/mozilla/AllProblemReportingMechanismsReport … has email contacts, d) if it doesn't work inform Mozilla via a bug report
I thought about it :-) "send me a private key, I'll take care of the rest"-webservice, but I never did it.
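The triage steps listed in the thread above (skip what has already expired, work out which CA to contact), as an added Go example that is not code from any participant in the thread; it also confirms that each private key really matches its certificate before anything is reported. The certificates and CA names are constructed test data, `Found`, `Triage` and `Sample` are hypothetical names, grouping is by the direct issuer name rather than the root CA, and revocation status (OCSP/CRL) is not checked because that needs network access.

```go
package main

import (
	"crypto"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Found pairs a certificate with the private key discovered next to it.
type Found struct{ Cert *x509.Certificate; Key crypto.Signer }

// Triage drops expired or key-mismatched pairs and groups hex serials by issuer.
func Triage(items []Found, now time.Time) map[string][]string {
	byIssuer := map[string][]string{}
	for _, f := range items {
		// RSA, ECDSA and Ed25519 public keys in the standard library all have Equal.
		pub, ok := f.Cert.PublicKey.(interface{ Equal(crypto.PublicKey) bool })
		if now.After(f.Cert.NotAfter) || !ok || !pub.Equal(f.Key.Public()) {
			continue // nothing to revoke, or the key does not prove compromise
		}
		issuer := f.Cert.Issuer.String()
		byIssuer[issuer] = append(byIssuer[issuer], f.Cert.SerialNumber.Text(16))
	}
	return byIssuer
}

// Sample builds a constructed certificate under a made-up issuer name (test data).
func Sample(ca string, serial int64, notAfter time.Time) Found {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial), NotAfter: notAfter,
		NotBefore: notAfter.Add(-24 * time.Hour), Subject: pkix.Name{CommonName: "example.test"}}
	parent := &x509.Certificate{Subject: pkix.Name{Organization: []string{ca}}}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, priv)
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return Found{Cert: cert, Key: priv}
}

func main() {
	now := time.Now()
	fmt.Println(Triage([]Found{Sample("Constructed CA One", 0x1a, now.Add(time.Hour)),
		Sample("Constructed CA Two", 0x2b, now.Add(-time.Hour))}, now))
}
```

Each map key is one CA to contact, with the serial numbers to quote in the problem report.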