Wow, Trustico majorly fucked up. I had to go back and read from the top to understand the whole situation, but damn, they had SSL private keys being generated and output in plaintext into the user's browser on their site... on pages with 3rd party javascript files (some from advertising companies) being loaded in. The keys were "compromised" the moment they output into the browser in other words.
1 comment
[ 3.0 ms ] story [ 9.9 ms ] thread