SSL Certificate Reseller Leaks Private Keys

The CEO of SSL certificate reseller Trustico emailed the private keys for more than 23,000 keypairs to an employee of their "root authority" as part of a request to have the certificates mass revoked (archived). The identity of the mysterious "CEO" of Trustico has eluded reports though a fellow identifying himself at this time as "product manager Zane Lucas" (WOT:nonperson) has apparently been responsding to press inquiries. At other times in press releases related to Trustico have mentioned a "Zane Lucas, director" (archived). How Trustico acquired customer private keys appears to be related to their now unreachable website having offered an online "private key generator" which it directed customers too.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>