by hades32 1557 days ago
I would have liked an example of an attack this is supposed to stop.

I assume something like this, but the article really isn't clear about that: You're using a CDN which got compromised, but your CICD servers haven't and your DNS provider also hasn't been compromised. Therefore by looking at some DNS records the browser can verify stuff that's loaded within your domain from a 3rd party CDN. Or maybe, your TLS certs were hacked, but not the ones from the Cloudflare hash registry.

TBH those don't really seem like common attack vectors. If you're a state level actor and can fake TLS, the latter example doesn't work and if your CDN gets hacked, chances are high this vendor is also your DNS and CI/CD provider...

What am I missing here?