BrowserStack local leaking private key
17 points by hanno
17 points by hanno
Well aren't they just testing that expression about "no such thing as bad press": https://lobste.rs/s/7qqnze/someone_at_browserstack_is_leaking_users
I also don't understand how in the world it can take multiple months to revoke a leaked cert
This sounds like the old cert was revoked, so they fixed it by issuing and leaking a new one
[edit: typo/auto-carrot]
I also don't understand how in the world it can take multiple months to revoke a leaked cert
I don't read the post as GoDaddy taking multiple months to revoke the certificate. Otherwise CA-Browser-Forum is interested in this breach of rules.
Yes, that's correct. I reported the first cert in November, and GoDaddy revoked it shortly afterwards: https://crt.sh/?id=16237468040 If they hadn't, that would've been a violation of CA/Browser Forum rules.
I also reported it to browserstack, but it appears they didn't read or understand the report, as they apparently just re-issued a new cert and leaked the key again: https://crt.sh/?id=23879329775&opt=ocsp