by Buge 4157 days ago
HSTS could prevent this from working.
2 comments

So could attaching decent transponders to their aeroplanes.
How much more per flight would you pay for this? Satellites aren't cheap.
At their scale, yeah they are. (Especially considering you wouldn't need new sats)
Not really, the page is being served from MAS's own servers now.
Not if the other comment by... you... about it being served by an external CDN is correct.

HSTS could easily stop a CDN from picking up a bad version during a DNS hijack.

MAS's CDN that is. The same CDN they were using before the hack even happened.
But it being an external CDN means that there is no indication that the actual servers they have control of were tampered with. The possibility that HSTS could have saved the day is just as valid. There is no indication that the CDN got these incorrect files with any kind of encryption or signing.
So CDN just works without having the SSL certs?
What? A CDN accessed over TLS needs some kind of cert, sure. I don't see how this connects to whether the CDN pulls off the wrong server.

Obviously if the CDN has cert X then any authentication it may have should use cert Y.