Is anyone tracking the number of forged certs issued by @startssl? One vuln in one CA puts the whole system at risk:
http://oalmanna.blogspot.in/2016/03/startssl-domain-validation.html …
@AsoomAlma @MalwareJake @startssl Using an email in the WHOIS isn't a valid test. Couldn't you have used a different email that you own?
-
-
-
@MalwareJake@wdormann I genuinely, didn't think of that during the test. - 2 more replies
New conversation -
-
-
-
@MalwareJake @AsoomAlma@startssl unintended behavior, maybe. But no violation of BR guidelines. So who cares?
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.