D-Link Accidentally Publishes Private Code Signing Keys

New submitter bartvbl writes: As part of the GPL license, D-Link makes its firmware source code available for many of its devices. When looking through the files I accidentally stumbled upon 4 different private keys used for code signing. Only one — the one belonging to D-Link itself — was still valid at the time. I have successfully used this key to sign an executable as D-Link. A Dutch news site published the full story (translated to english with Google Translate).

D-Link and GPL

[MrKaos]

I'd just like to point out, before Dlink get too much criticism, that there are many companies that avoid this situation by violating the terms of the GPL by not making the source code available or even displaying the terms of the license.

Ok, Dlink made a mistake, however I think it is a good thing that they being sincere to the terms of the license. Well done Dlink, they will fix the problem and I will be happy to buy their products over other vendors who violate the terms of the GPL.

Re:D-Link and GPL

Like this one

https://trac.ffmpeg.org/ticket...

Blue Iris Video Security Software

  Perspective Software

No indication of GPL use. Claims work as his own.

From the download package, BlueIris.exe is UPX compressed. Decompress, then investigate 22 MB file with strings.exe.

libswresample license: GPL version 2 or later

  libswscale license: GPL version 2 or later

  libavcodec license: GPL version 2 or later

  libavformat license: GPL version 2 or later

  libavutil license: GPL version 2 or later

Compile strings discovered:

--enable-gpl --cpu=i686 --prefix=/c/msys/1.0/ffmpeg/build --enable-libx264

Here's something fun to do. Tell PayPal that BlueIris is violating term 9c of the user agreement (since they take PayPal for their registration fee):

PayPal User Agreement