top | item 30639673 (no title) cotillion | 4 years ago No, klayswap.com has CAA configured in DNS. discuss order hn newest armada651|4 years ago Then it sounds like a misconfiguration after all? Because that would mean they didn't configure CAA for their CDN.In any case they could've hijacked the IP for the authorative DNS server, but that would at least add some complexity.Also, this assumes their CA actually did their due diligence and the hackers didn't just fool them into reissuing the certificate to them. ianpurton|4 years ago I think the CDN has to configure CAA.So if your site pulls in js from another site without sub resource integrity, and the other site doesn't have CAA configured you are vulnerable. load replies (1)
armada651|4 years ago Then it sounds like a misconfiguration after all? Because that would mean they didn't configure CAA for their CDN.In any case they could've hijacked the IP for the authorative DNS server, but that would at least add some complexity.Also, this assumes their CA actually did their due diligence and the hackers didn't just fool them into reissuing the certificate to them. ianpurton|4 years ago I think the CDN has to configure CAA.So if your site pulls in js from another site without sub resource integrity, and the other site doesn't have CAA configured you are vulnerable. load replies (1)
ianpurton|4 years ago I think the CDN has to configure CAA.So if your site pulls in js from another site without sub resource integrity, and the other site doesn't have CAA configured you are vulnerable. load replies (1)
armada651|4 years ago
In any case they could've hijacked the IP for the authorative DNS server, but that would at least add some complexity.
Also, this assumes their CA actually did their due diligence and the hackers didn't just fool them into reissuing the certificate to them.
ianpurton|4 years ago
So if your site pulls in js from another site without sub resource integrity, and the other site doesn't have CAA configured you are vulnerable.