A bunfight over a controversial UAE mobile security company led to the discovery that millions of TLS security certificates had been improperly issued – thanks to a dodgy default configuration in popular certificate authority (CA) key-generation software. During a discussion-group thread about Darkmatter’s application to become a fully fledged CA, users discovered that the company’s supposedly 64-bit serial numbers were in fact one bit short.
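How a population of serial numbers can be checked for that missing bit, as an added example (not code from the article or from the CA software). It assumes the shortfall comes from fitting a positive DER INTEGER into 8 bytes, which leaves the sign bit fixed at zero; both generators and all function names are hypothetical.

```python
import secrets

CLAIMED_BITS = 64  # what the CA says its serial numbers contain


def short_serial() -> int:
    """Hypothetical generator: 8 random bytes, sign bit cleared to stay positive."""
    return int.from_bytes(secrets.token_bytes(8), "big") & (2**63 - 1)


def full_serial() -> int:
    """Hypothetical generator: all 64 random bits kept."""
    return int.from_bytes(secrets.token_bytes(8), "big")


def der_length(serial: int) -> int:
    """Content length in bytes of the serial as a positive DER INTEGER.

    DER integers are two's complement, so a value with bit 63 set needs
    a leading 0x00 byte and takes 9 bytes, not 8.
    """
    return serial.bit_length() // 8 + 1


def parse_serial(text: str) -> int:
    """Parse a serial printed as hex, with or without ':' separators."""
    return int(text.replace(":", "").strip(), 16)


def audit(serials, claimed_bits=CLAIMED_BITS):
    """Check a sample of serials against the claimed random-bit count."""
    top_set = sum(1 for s in serials if (s >> (claimed_bits - 1)) & 1)
    oversize = sum(1 for s in serials if s.bit_length() > claimed_bits)
    return {
        "count": len(serials),
        "observed_bits": max(s.bit_length() for s in serials),
        "max_der_length": max(der_length(s) for s in serials),
        "top_bit_set": top_set,
        # For n uniform 64-bit serials, the chance that none has the top
        # bit set is 2**-n, so 32 or more samples make the verdict reliable.
        "one_bit_short": top_set == 0 and oversize == 0 and len(serials) >= 32,
    }


if __name__ == "__main__":
    for name, gen in (("short", short_serial), ("full", full_serial)):
        print(name, audit([gen() for _ in range(1000)]))
```

Feed `audit` the serials of certificates a CA has actually issued (parsed with `parse_serial`) rather than the constructed generators to run the same check on real data.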

