[matthiasb]

There was a thread yesterday where lots of people were complaining about HSMs (https://news.ycombinator.com/item?id=13031155). I think this is an example where it would have helped to secure the private key in an HSM instead of the server itself.

Now the author states the keys have been rotated but now the next hacker know where to look.

[imduffy15]

I'm not fully confident that they have actually been rotated....

[Anthony-G]

Hi Ian. That was a very well-written account of a very serious vulnerability. I just thought I’d let you know that there's a typo in the closing sentence (being discussed here), “they claim to of rotated all secrets”. That should be “have” rather than “of”. It kind of threw me a little as I read it. Le gach dea ghuí.

[imduffy15]

Perfect! Thank you Anthony, colloquialism slipping into my English.