Slashdot Mirror

← Back to Stories (view on slashdot.org)

D-Link Accidentally Publishes Private Code Signing Keys

Posted by timothy on Thursday September 17, 2015 @06:19AM from the oh-is-that-in-the-firmware? dept.

New submitter bartvbl writes: As part of the GPL license, D-Link makes its firmware source code available for many of its devices. When looking through the files I accidentally stumbled upon 4 different private keys used for code signing. Only one — the one belonging to D-Link itself — was still valid at the time. I have successfully used this key to sign an executable as D-Link. A Dutch news site published the full story (translated to english with Google Translate).

1 of 67 comments (clear)

Min score:

Reason:

Sort:

Re:Surely the GPL requires all source to build. by sexconker · 2015-09-17 07:30 · Score: 0, Troll

He means that the top clown's statement "Surely the GPL requires all the source code required to build the supplied binary." is fucking ridiculous.
There is no "supplied binary" requirement.
There is no requirement that code be correct, functional, or compilable.
You don't need to supply the fucking keys.