Reply to post: Grab the private key?

Atlassian scrambles to fix zero-day security hole accidentally disclosed on Twitter

Venerable and Fragrant Wind of Change

Grab the private key?

For the benefit of readers who don't twitt ...

Who exactly can grab this private key, and how? Surely a private key that can be accessed by an unauthorised person is a big no-no, but orthogonal to an idiosyncratic DNS usage?

DNS is designed for performance over security, which is a major reason we don't rely on it for secure transactions and have SSL certs. When you describe a DNS entry as a vulnerability, it looks as if you're suggesting a misplaced reliance on something that's inherently insecure. Or in other words, propping up the edifice by painting over the cracks.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER

Biting the hand that feeds IT © 1998–2020