Sun Microsystems uses a variety of X.509 keys signed by VeriSign to securevarious web sites. Among these certificates are two that were revoked on October 19, 2000. The certificate IDs for these revoked certificates are
3181 B12D C422 5DAC A340 CF86 2710 ABE6
1705 FB13 A22F 9AF3 C130 F562 6E12 504C
Users who accept these certificates into their browser may inadvertently run malicious code signed by the compromised certificates. Any such code would appear to be from Sun Microsystems, thus creating a misleading sense of trust.
This document was written by Shawn Hernan.