Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://mastodon.social/users/tykling/statuses/111415761281595810">Thomas Steen Rasmussen (tykling@mastodon.social)'s status on Thursday, 16-Nov-2023 02:37:56 JST</a><a href="https://mastodon.social/@tykling" title="tykling@mastodon.social"><img src="https://gnusocial.jp/avatar/213246-48-20231115171141.webp" width="48" height="48" alt="Thomas Steen Rasmussen" style="position: absolute; left: 0; top: 0;">Thomas Steen Rasmussen</a><div><a href="https://bikeshed.party/objects/ad51859c-7222-4c5b-af28-01f97dee2602" rel="in-reply-to">in reply to</a><ul><li></ul></div></section><article><p><a href="https://bikeshed.party/users/feld">@feld</a> I believe LE currently does DNS checks from multiple AWS regions + from their own servers. So they likely would have gotten inconsistent answers and bailed out at that point. I don't know about ZeroSSL.</p><p>The attackers likely had to try issuing multiple times to get lucky and have all the lookups hit the "bad" server.</p><p>No guarantees here, but I would much, much rather have had CAA account pinning in place than not during this attack.</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/2332221#notice-4603143">In conversation</a><time datetime="2023-11-16T02:37:56+09:00" title="Thursday, 16-Nov-2023 02:37:56 JST">about a year ago</time> <span>from <span><a href="https://mastodon.social/@tykling/111415761281595810" rel="external" title="Sent from mastodon.social via ActivityPub">mastodon.social</a></span></span><a href="https://mastodon.social/@tykling/111415761281595810">permalink</a><h4>Attachments</h4><ol><li><article><header><div>No result found on File_thumbnail lookup.</div><h5><a href="https://oslosportslager.no/">https://oslosportslager.no/oslosportslager.no/index.jsp</a></h5><div></div></header><div></div><footer></footer></article></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Thomas Steen Rasmussen (tykling@mastodon.social)'s status on Thursday, 16-Nov-2023 02:37:56 JSTThomas Steen Rasmussen
in reply to
- feld
@feld I believe LE currently does DNS checks from multiple AWS regions + from their own servers. So they likely would have gotten inconsistent answers and bailed out at that point. I don't know about ZeroSSL.
The attackers likely had to try issuing multiple times to get lucky and have all the lookups hit the "bad" server.
No guarantees here, but I would much, much rather have had CAA account pinning in place than not during this attack.
In conversationabout a year ago from mastodon.socialpermalink
Attachments
1. No result found on File_thumbnail lookup.
  https://oslosportslager.no/oslosportslager.no/index.jsp

Public

Embed Notice

HTML Code

Corresponding Notice