|
|
|
|
|
|
by strictnein
2843 days ago
|
|
|
Ehhh... very few (if any?) major orgs that take credit cards use Letsencrypt. Many, many malicious actors do. It's the go to cert for securing malicious sites A security team reviewing that baways.com site would definitely make note of the fact that it was using letsencrypt. |
|
|
Letsencrypt certs are widely used by malicious actors. Thus one not being used is noteworthy and why RiskIQ made note of it.
If someone who's downvoting me would like to show some examples of major websites from Fortune 100s or large international firms (like BA) using letsencrypt certs to collect payment info, then by all means, please do.