TurkTrust CA certificate breach and what does it mean for you

Saturday, January 5th, 2013

A pseudo analysis of the issue that was brought to my attention by Eric Klien’s post here. The following text is slightly edited version of my comment on the post, reproduced here because I think its important for my readers to be aware of the issue.

A new CA kerfuffle has broken out yesterday, and here are some of the headlines:

The information for the discussion below was sourced from these, more technical, articles(1):

To summarize, the problem was a botched test process in TurkTrust CA (as part of an external security audit) that caused a CA profile to be set up to generate “sub CA” certificates, and following that the profile was copied to the production system and subsequently used to generate two certificates before the problem was discovered and fixed (I assume the test profile was removed from the production system), but only 1 of those certificate was revoked. (more…)


  1. I applaud BBC for trying to present a complex security issue in “layman terms”, but as someone who is familiar with the technology in question, it gave me quite a headache, trying to “reverse translate” the text []

Just jumping on the 6692d179032205 bandwagon

Wednesday, September 22nd, 2010

As Intel confirmed, the HDCP master key has been leaked (using PasteBin of all things(1) ), and have been reproduced(2) around the web in blogs and forum posts.

One, more industrious, individual went a step further and reproduced the HDCP master key as a Python program to generate sink and source keys according to the leaked instructions – which is reproduced here fully for the purpose of mirroring (no copyright notice was added so I don’t know who to thank for this). More musings about the meaning and purpose of all this – after the break:

(more…)


  1. Where it quickly went out of control, people don’t seem to understand the concept of  “mirror” or “offsite backup” 😉  []
  2. 1890 sources, total for today and not including this one []

An astute observation

Thursday, May 27th, 2010

Yep, that sounds about right.



Spam prevention powered by Akismet