Cloudflare on Thursday acknowledged this failure, writing: We failed three times. The first time because 1.1.1.1 is an IP certificate and our system failed to alert on these. The second time because even if we were to receive certificate issuance alerts, as any of our customers can, we did not implement sufficient filtering. With the… Read More: The number of mis-issued 1.1.1.1 certificates grows. Here’s the latest. »
Representatives from Google and Mozilla said in emails that their Chrome and Firefox browsers have never trusted the certificates, and there was no need for users to take any action. An Apple representative responded to an email with this link to a list of certificate authorities Safari trusts. Fina was not included. It wasn’t immediately… Read More: Mis-issued certificates for 1.1.1.1 DNS service pose a threat to… »
Getty Images reader comments 6 Certificate authorities and browser makers are planning to end the use of WHOIS data verifying domain ownership following a report that demonstrated how threat actors could abuse the process to obtain fraudulently issued TLS certificates. TLS certificates are the cryptographic credentials that underpin HTTPS connections, a critical component of online… Read More: Google calls for halting use of WHOIS for TLS domain… »
Aurich Lawson | Getty Images reader comments 57 It’s not every day that a security researcher acquires the ability to generate counterfeit HTTPS certificates, track email activity, and the position to execute code of his choice on thousands of servers—all in a single blow that cost only $20 and a few minutes to land. But… Read More: Rogue WHOIS server gives researcher superpowers no one should ever… »
Aurich Lawson | Getty Images reader comments 45 Previously, on “Weekend Projects for Homelab Admins With Control Issues,” we created our own dynamically updating DNS and DHCP setup with bind and dhcpd. We laughed. We cried. We hurled. Bonds were forged, never to be broken. And I hope we all took a little something special… Read More: Banish OEM self-signed certs forever and roll your own private… »