Bug hunter tricked SSL.com into issuing cert for Alibaba Cloud domain in 5 steps (www.theregister.com)
from BrikoX@lemmy.zip to cybersecurity@sh.itjust.works on 22 Apr 02:48
https://lemmy.zip/post/36951390

10 other certificates ‘were mis-issued and have now been revoked’

#cybersecurity

threaded - newest

drspod@lemmy.ml on 22 Apr 08:09 next collapse

This wasn’t some complicated edge-case, it was gross incompetence by SSL.com.

If I was a browser or OS manufacturer I would be revoking their root certificates over this.

starshipwinepineapple@programming.dev on 22 Apr 12:57 collapse

You would think this would be the first test case