floss.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
For people who care about, support, and build Free, Libre, and Open Source Software (FLOSS).

People have probably seen this before, and I have - but not to this extent.

All certificates that are public are actually "streamed" to public databases, in line with regulation set by CAs, browsers and other vendors.

What that means, is that if you issue (or buy) a certificate from a public CA - and you are only using it in an internal environment - people WILL know that you have a host with that particular CommonName somewhere.

I've issued a couple of certificates today, and since I host my own authoritative DNS servers, I am able to fully trace the requests coming into my DNS zone.
Immediately after I've issued said certificates - I see many requests arriving from all over the world, together with port scans and all that shit.
And if you don't have an A-record for that particular hostname - the port scans will go directly against @.
All that from Cloud providers such as AWS, GCP, and shit.

Fascinating.

And if you want to check all the certificates that are issued - in real time, check out "certstream"

certstream.calidog.io/

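An added example, not part of the original post: a defender-side filter that reads certstream-style JSON messages and reports hostnames under your own zones that have become publicly visible but are not on your list of intentionally public names. It assumes the certstream message layout (`message_type`, `data.leaf_cert.all_domains`, `data.leaf_cert.subject.CN`); the zone, the allowlist and the sample messages are constructed.

```python
import json

WATCHED_ZONES = {"example.org"}                     # assumption: zones you operate
PUBLIC_NAMES = {"example.org", "www.example.org"}   # assumption: names meant to be public

def in_zone(name, zone):
    """True for the zone apex or a subdomain, matched on a label boundary."""
    return name == zone or name.endswith("." + zone)

def exposed_names(raw_message, zones=WATCHED_ZONES, public=PUBLIC_NAMES):
    """Names in one message that sit in a watched zone and are not expected to be public."""
    msg = json.loads(raw_message)
    if msg.get("message_type") != "certificate_update":
        return []                                   # heartbeats carry no certificate
    leaf = (msg.get("data") or {}).get("leaf_cert") or {}
    names = set(leaf.get("all_domains") or [])
    cn = (leaf.get("subject") or {}).get("CN")
    if cn:
        names.add(cn)
    hits = set()
    for name in names:
        name = name.lower().rstrip(".")
        if name.startswith("*."):
            continue                                # a wildcard SAN names no single host
        if any(in_zone(name, z) for z in zones) and name not in public:
            hits.add(name)
    return sorted(hits)

# Constructed sample messages (not captured from the live stream).
SAMPLE_MESSAGES = [
    json.dumps({"message_type": "heartbeat", "timestamp": 1700000000}),
    json.dumps({"message_type": "certificate_update", "data": {"leaf_cert": {
        "subject": {"CN": "git-internal.example.org"},
        "all_domains": ["git-internal.example.org", "www.example.org"]}}}),
    json.dumps({"message_type": "certificate_update", "data": {"leaf_cert": {
        "subject": {"CN": "*.example.org"},
        "all_domains": ["*.example.org", "intranet.notexample.org"]}}}),
]

if __name__ == "__main__":
    for raw in SAMPLE_MESSAGES:
        for host in exposed_names(raw):
            print("publicly logged, not on allowlist:", host)
```

The third sample shows why a wildcard certificate or a private CA keeps an internal hostname out of the public logs, and why the zone match has to respect label boundaries.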
Francisco de la Peña

@selea it's well-known that CT logs are used to attack freshly uploaded WordPress installers in seconds, so all that noise makes sense.

@fdelapena

It is a well-known fact for people that are interested in it.
But unknown to most people in IT, sadly