On 2018-03-02 13:32, grandamp--- via dev-security-policy wrote:
> The web site is back up, with the same certificate being used.  That said, it 
> *is* possible that the certificate was managed by their load balancing 
> solution, and the private key for (trustico.com) was not exposed.
> 
> trustico.co.uk appears to be the same web site, yet it has a *different* 
> certificate.

The code injection occurred on an interface they had to check the
certificate of an arbitrary server. When 127.0.0.1 was used, the
trustico.com certificate was returned. That means the local web server
was handling TLS, not a remote load balancer solution (unless somehow
127.0.0.1 was forwarding to a remote host, which doesn't really make any
sense).

-- 
Hector Martin "marcan" ([email protected])
Public Key: https://mrcn.st/pub
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
