Mastodawn

🔑New from DTI: Technical breakdown of the TLS private key exposure for Qihoo 360’s "Security Claw" AI Platform.
Read more here: https://dti.domaintools.com/research/exposure-of-tls-private-key-for-myclaw-360-in-qihoo-360-security-claw-ai-platform
#CyberSecurity #ThreatIntel #AI #InfoSec

DomainTools Investigations | Exposure of TLS Private Key for Myclaw 360 in Qihoo 360 “Security Claw” AI Platform

DTI analysis of a leaked TLS private key from Qihoo 360's AI security platform, covering cryptographic validation, threat scenarios, and incident response.

Show thread

rex0n

@DomainTools Putting a private key inside an installer isn't a slip-up , it means they never had a secret scanner in the pipeline. Tools like gitleaks or truffleHog would have caught it before the first commit. And in any halfway decent architecture, production keys are injected at runtime from a vault, never baked in at build time. If the build needs the key, the design is broken #cybersecurity