Ask HN: RustDesk Installs Chinese Root Certificates
68 points by lobito14 10 months ago | 17 comments
I'm not an expert in security, but I noticed that the Windows version of RustDesk (https://rustdesk.com/), an open-source remote desktop software, installs a Chinese root certificate to the Windows `Trusted Root Certification Authorities` with all purposes enabled. There's a discussion on GitHub (https://github.com/rustdesk/rustdesk/discussions/6444) where one of the maintainers states the certificates are for driver code signing, but doesn't explain why they need to be placed in `Trusted Root Certification Authorities` with all purposes permissions instead of just for code signing. Does anyone more experienced in security have a take on this?
Always be cautious of trusting certs of any kind, especially test/dev certs with top-level privileges, lol. Personally I would avoid.
Based on the issue, there are too many weak points, and the "response" given didn't seem to care about the vulnerabilities or user concerns, only said why it's needed...
The issue poster was smart in running in a sandbox and comparing files.
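
The before/after comparison mentioned in this thread can also be run against the certificate store itself. The script below is an added example, not part of the thread or of RustDesk: it records the thumbprints in the machine `Trusted Root Certification Authorities` store, then lists roots added since that baseline and whether their EKU extension limits them to code signing. The names `$BaselinePath`, `-SaveBaseline` and `Get-RootSnapshot` are made up for this example.

```powershell
# Added example: diff the machine Trusted Root store against a saved baseline.
# Hypothetical names: $BaselinePath, -SaveBaseline, Get-RootSnapshot.
param(
    [string]$BaselinePath = "$env:TEMP\root-baseline.txt",
    [switch]$SaveBaseline
)

$CodeSigningOid = '1.3.6.1.5.5.7.3.3'   # id-kp-codeSigning

function Get-RootSnapshot {
    Get-ChildItem -Path Cert:\LocalMachine\Root | ForEach-Object {
        # Collect OIDs from the certificate's Enhanced Key Usage extension, if any.
        # This reads the extension only; purposes toggled per store entry in the
        # Certificates MMC snap-in are stored as properties and are not read here.
        $eku = $_.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
        }
        $oids = @()
        if ($eku) { $oids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) }

        [pscustomobject]@{
            Thumbprint      = $_.Thumbprint
            Subject         = $_.Subject
            NotAfter        = $_.NotAfter
            EkuOids         = $oids
            # No EKU extension means the certificate itself does not limit its purposes.
            Unrestricted    = ($oids.Count -eq 0)
            CodeSigningOnly = ($oids.Count -eq 1 -and $oids[0] -eq $CodeSigningOid)
        }
    }
}

$current = @(Get-RootSnapshot)

if ($SaveBaseline) {
    # Run once on a clean machine or sandbox, before installing the software.
    $current.Thumbprint | Set-Content -Path $BaselinePath
    Write-Output "Saved $($current.Count) thumbprints to $BaselinePath"
    return
}

# Run again after installation: anything not in the baseline was added since.
$known = @(Get-Content -Path $BaselinePath)
$current |
    Where-Object { $known -notcontains $_.Thumbprint } |
    Select-Object Thumbprint, Subject, NotAfter, Unrestricted, CodeSigningOnly
```

Run it with `-SaveBaseline` before installing, then without arguments afterwards. A new entry with `Unrestricted` set to `True` is a root whose certificate does not limit what it can be trusted for.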