by chedabob
387 days ago
Does the Yandex HTTPS one mean they're shipping the private key for their cert in the app, therefore anything running on localhost (or on a network with poisoned DNS) can spoof the yandexmetrica site? There is a cert for it in the logs: https://crt.sh/?q=yandexmetrica.com

It even looks like some of the certs were issued by Yandex to Yandex. I guess their cert division will end up writing an incident report for this.