- cross-posted to:
- cybersecurity@sh.itjust.works
- cross-posted to:
- cybersecurity@sh.itjust.works
Happy birthday to Let’s Encrypt !
Huge thanks to everyone involved in making HTTPS available to everyone for free !
Happy birthday to Let’s Encrypt !
Huge thanks to everyone involved in making HTTPS available to everyone for free !
Having a certificate for any subdomain has implications for other sibling domains, even without a wildcard certificate.
By default, web browsers are a lot less strict about Same Origin Policy for sibling domains, which enables a lot of web-based attacks (like CSRF and cookie stealing) if your able to hijack any subdomain