Trustico website goes dark after someone drops critical flaw on Twitter [telecom]

Outage comes a day after CEO admitted emailing private keys for 23k HTTPS certs.

By Dan Goodin

The website for Trustico went offline on Thursday morning, about 24 hours after it was revealed that the CEO of the UK-based HTTPS certificate reseller emailed 23,000 private keys to a partner.

The website closure came shortly after a website security expert disclosed a critical vulnerability on Twitter that appeared to make it possible for outsiders to run malicious code on Trustico servers. The vulnerability, in a trustico.com website feature that allowed customers to confirm certificates were properly installed on their sites, appeared to run as root. By inserting commands into the validation form, attackers could call code of their choice and get it to run on Trustico servers with unfettered "root" privileges, the tweet indicated.

Monty Solomon