Slashdot Mirror


Database of Private SSL Keys Published

Trailrunner7 writes "A new project has produced a large and growing list of the private SSL keys that are hard-coded into many embedded devices, such as consumer home routers. The LittleBlackBox Project comprises a list of more than 2,000 private keys right now, each of which can be associated with the public key of a given router, making it a simple matter for an attacker to decrypt the traffic passing through the device. Published by a group called /dev/ttyS0, the LittleBlackBox database of private keys gives users the ability to find the key for a specific router in several different ways, including by searching for a known public key, looking up a device's model name, manufacturer or firmware version or even giving it a network capture, from which the program will extract the device's public certificate and then find the associated private SSL key."

1 of 200 comments (clear)

  1. Re:Posted on Google Code by Amorymeltzer · · Score: 1, Troll

    Before leaving China, Google censored search results. Hell, Google's altered their algorithm within days of a NYT article about how a sham business survived because of all the bad press he got. They've blocked certain searches, such as those used to find site vulnerabilities.

    I'm a big Google fan, but I don't think we need any more tests to see that Google will play ball against certain baddies.

    --
    I live in constant fear of the Coming of the Red Spiders.