Is anyone tracking the number of forged certs issued by @startssl? One vuln in one CA puts the whole system at risk:
http://oalmanna.blogspot.in/2016/03/startssl-domain-validation.html …
-
-
Replying to @MalwareJake
@MalwareJake@startssl Or did they validate? The email address entered is in the WHOIS database. We may never know..pic.twitter.com/FNOiQLvSDU
2 replies 1 retweet 0 likes -
Replying to @wdormann
@wdormann@MalwareJake@startssl i'm not "legally" authorized to demonstrate this vulnerability for any other domain name that i don't own.2 replies 0 retweets 1 like -
Replying to @osamaalmann
@wdormann@MalwareJake@startssl if it is considered invalid, try to validate your domain name the same way i just did in my blog. Wont work1 reply 0 retweets 0 likes -
Replying to @osamaalmann
@AsoomAlma
@MalwareJake@startssl Showing that it currently doesn't work doesn't prove that it worked in the past.2 replies 0 retweets 0 likes
@AsoomAlma @MalwareJake @startssl There may have been a problem. But you didn't provide enough proof of it. Where's the vendor confirmation?
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.