- #A BLIZZARD BATTLE.NET RESYNC HAS BEEN REQUESTED INSTALL#
- #A BLIZZARD BATTLE.NET RESYNC HAS BEEN REQUESTED WINDOWS#
One can confirm this is a non-CA certificate by examining the cert that gets installed. Why should they create a potential CA when a simple non-CA self-signed cert would work fine They're actually already doing what the OP says they should be doing above: What they're installing is a leaf certificate specifically for the domain.
#A BLIZZARD BATTLE.NET RESYNC HAS BEEN REQUESTED INSTALL#
They don't now nor did they previously install a CA certificate. In particular, the certificate that Blizzard installs on the system is not a CA certificate. I hope it's OK to reply to a stickied comment, but there's so much misinformation below. The OP and many comments in the thread contain factual inaccuracies. To elaborate, there is no privacy or security issue.
If this was installed in the Personal or Local Items/login keystore, it would be fine as-is. The Blizzard Agent process can intercept your network traffic, create a forged certificate to allow them to decrypt the traffic, and you will never know about it.Įdit: Comparing this cert (and the slightly different version on Windows), to other CAs, I think Blizzard just installed it in the wrong key store. In case you didn't know, a trusted root CA has the ability to create a certificate that is valid for any website or server and your computer won't warn you about it. The expiration day is December 19th, and since certificates are usually generated for a certain number of years, that means it was just created. I opened Keychain and looked in the System Roots, searched for Blizzard, and sure enough, here it is. I was immediately suspicious, so I checked Activity Monitor and noticed that the Agent process has open file handles to all the Keychain files, most notably to the System Roots Keychain, which holds all the trusted root CA certificates. Original post: While running the updater for HotS this morning I got a strange prompt that Agent wanted to make changes on my computer and needed my admin password. Technically it's incorrect to not set CA:false on this certificate, but in reality it should not allow forged certs in any major browser.
#A BLIZZARD BATTLE.NET RESYNC HAS BEEN REQUESTED WINDOWS#
In any case it's highly unlike that the OS APIs for certificates on Windows or macOS would allow a certificate to be valid if it was signed by this one. It appears the way to mark a certificate as trusted (for a particular site, not as a CA) may be slightly different on Windows. After extensive discussion, I don't think it's as big a deal as I initially thought. The private key should also be unique on each machine (again, I could be wrong).Įdit 3: I talked to Tavis Ormandy for a long time today. There is no escalation of privileges that I'm aware of, because Agent already gets admin privileges to install and (presumably) the private key requires Administrator/root to extract (although I could be wrong about that). Ultraliskhots stormleague and scrimm today |!teams | WORLDCHAMPION | !vid !dnd !MC !maievguide !discord 70ĭooMascarade Mascarade SL 59 Ravinar_ (EU) Solo Q Storm League is where the fun is!!! |!Ads !Youtube !Discord 119įanHOTS (RERUN) BRONZE TO GM RETURNS! GOING TO DOC OFFICE NEXT STREAM ON 8/31║ COMPREHENSIVE GRANDMASTER LEVEL HOTS GUIDES ON !Patreon ║ 8.27.23 101 Blue Tracker ESPORTS CALENDAR ( LIQUIPEDIA)
0 kommentar(er)
