
It means just that. Since they had control of DNS, they could have easily gotten a DV certificate, but in this case, they didn't and people clicked through certificate warnings.


Here's a source on Twitter showing some documentation of the self-signed certificate that myetherwallet.com users ignored warnings about: https://twitter.com/GossiTheDog/status/988785871188045825


> people clicked through certificate warnings

Which is a shame. They could have prevented users clicking through warnings by implementing HTTP Strict Transport Security.
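Added example, not part of the thread: a small model of how a browser following RFC 6797 stores an HSTS policy and then treats certificate errors for that host as fatal, with no click-through. The function names, the `store` map and the `wallet.example` host are hypothetical; the protection only applies to visitors whose browser noted the policy over a valid TLS connection earlier and has not let it expire.

```javascript
// Added example: models RFC 6797 HSTS handling in a browser-like policy store.
// Function names, the store shape and all host names are assumptions for illustration.

// Parse a Strict-Transport-Security header value; returns null if it must be ignored.
function parseHsts(value) {
  const seen = new Map();
  for (const part of value.split(";")) {
    const text = part.trim();
    if (text === "") continue;                         // empty directives are allowed
    const eq = text.indexOf("=");
    const name = (eq < 0 ? text : text.slice(0, eq)).trim().toLowerCase();
    let val = eq < 0 ? null : text.slice(eq + 1).trim();
    if (val !== null && /^".*"$/.test(val)) val = val.slice(1, -1); // quoted-string form
    if (seen.has(name)) return null;                   // repeated directive: invalid header
    seen.set(name, val);
  }
  const maxAge = seen.get("max-age");
  if (maxAge == null || !/^\d+$/.test(maxAge)) return null; // max-age is required
  if (seen.has("includesubdomains") && seen.get("includesubdomains") !== null) return null;
  return { maxAge: Number(maxAge), includeSubDomains: seen.has("includesubdomains") };
}

// Record a policy from a response. Headers seen over plain HTTP or over a
// connection with certificate errors are ignored, so a spoofed server cannot
// erase a stored policy by sending max-age=0.
function noteResponse(store, host, headerValue, nowSec, tlsValid) {
  if (!tlsValid) return;
  const policy = parseHsts(headerValue);
  if (!policy) return;
  const key = host.toLowerCase();
  if (policy.maxAge === 0) { store.delete(key); return; }
  store.set(key, { expires: nowSec + policy.maxAge, includeSubDomains: policy.includeSubDomains });
}

// True when the host (or a superdomain with includeSubDomains) has an unexpired
// policy, i.e. the browser must fail the connection instead of offering a bypass.
function certErrorIsFatal(store, host, nowSec) {
  const labels = host.toLowerCase().split(".");
  for (let i = 0; i < labels.length; i++) {
    const entry = store.get(labels.slice(i).join("."));
    if (!entry || entry.expires <= nowSec) continue;
    if (i === 0 || entry.includeSubDomains) return true;
  }
  return false;
}
```

A first-time visitor has no stored entry, so `certErrorIsFatal` returns false for them and the warning stays bypassable.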


Relatively easily, you'll need to be prepared with a mix of DV providers to make sure you don't get screwed by DNS caches.



