On 09/13/2011 01:31 PM, Seth David Schoen wrote:
An example from yesterday was
https://www.senate.gov/
which had a valid cert a while ago and then recently stopped. (Their
HTTPS support was reported to us as working on June 29; according to
Perspectives, the most recent change apparently happened on September 9.)
They got hacked by LulzSec back in June, their web software was ancient
like a time capsule. IIRC, there were a lot of subject-alt names on that
shared-IP certificate. No doubt the private key was compromised.
It probably took this long to reissue and re-deploy all the sites.
- Marsh
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
