Database of Private SSL Keys Published
Trailrunner7 writes "A new project has produced a large and growing list of the private SSL keys that are hard-coded into many embedded devices, such as consumer home routers. The LittleBlackBox Project comprises a list of more than 2,000 private keys right now, each of which can be associated with the public key of a given router, making it a simple matter for an attacker to decrypt the traffic passing through the device. Published by a group called /dev/ttyS0, the LittleBlackBox database of private keys gives users the ability to find the key for a specific router in several different ways, including by searching for a known public key, looking up a device's model name, manufacturer or firmware version or even giving it a network capture, from which the program will extract the device's public certificate and then find the associated private SSL key."
Re:Great Work! (Score:5, Insightful)
Good... (Score:4, Insightful)
Re:Great Work! (Score:5, Insightful)
No, like most people who say that ... he only supports someone else's information being made public.
Re:Great Work! (Score:5, Insightful)
Information shouldn't be kept private
Misleading? (Score:3, Insightful)
From the article: "...making it a simple matter for an attacker to decrypt the traffic passing through the device". I'd think it would only be *to* the device.
Re:Great Work! (Score:2, Insightful)
There's a difference between exposing information about the misuse of power by a powerful individual or organization and information that only exposes a little person for abuse.
If absolutely all information wants to be free in some sci-fi quantum future, we'd better see to it that we go there with the big baddies transparent before they have all the dirt on all of us little regular people.
We do this by exposing the big bad lies while fighting to keep our little secrets.
Re:Great Work! (Score:4, Insightful)
So you'll have no problem posting all your passwords, social security number, bank account numbers, and so on publicly, then. Right?
Not the same. This is more like calling the emperor naked. The bad guys already know that "security" is often just a theatre. This is just a blunt way to raise awareness of that fact and force vendors to start taking security more seriously.
Re:what? (Score:4, Insightful)