So this is actually huge. The StartCom CA is trusted in almost every damn browser (mobile or otherwise).
This is basically saying the CA's private key has been leaked. Because the end result is the same: I can now issue a certificate for any damn domain I want and have it trusted.
This is basically saying the CA's private key has been leaked. Because the end result is the same: I can now issue a certificate for any damn domain I want and have it trusted.
The certificate authority system is broken.