Database of Private SSL Keys Published

Trailrunner7 writes "A new project has produced a large and growing list of the private SSL keys that are hard-coded into many embedded devices, such as consumer home routers. The LittleBlackBox Project comprises a list of more than 2,000 private keys right now, each of which can be associated with the public key of a given router, making it a simple matter for an attacker to decrypt the traffic passing through the device. Published by a group called /dev/ttyS0, the LittleBlackBox database of private keys gives users the ability to find the key for a specific router in several different ways, including by searching for a known public key, looking up a device's model name, manufacturer or firmware version or even giving it a network capture, from which the program will extract the device's public certificate and then find the associated private SSL key."

Great Work!

Great work! Keep it up!

Information shouldn't be kept private, which is why I support projects like this and Wikileaks!

Re:Posted on Google Code

[Amorymeltzer]

Before leaving China, Google censored search results. Hell, Google's altered their algorithm within days of a NYT article about how a sham business survived because of all the bad press he got. They've blocked certain searches, such as those used to find site vulnerabilities.

I'm a big Google fan, but I don't think we need any more tests to see that Google will play ball against certain baddies.