watchTowr: We Spent $20 To Achieve RCE And Accidentally Became The Admins Of .MOBI
Yo what the fuck. watchTowr had inadvertently undermined the CA process for the entire .mobi TLD:
we took control of a chunk of the Internet’s infrastructure, opened up a big slab of juicy attack surface, and found a neat way of undermining TLS/SSL - the fundamental protocol that allows for secure communication on the web.
No spoilers, this is a must-read.