undefined | Better HN

0 pointsDylan1680711y ago0 comments

Not if the other comment by... you... about it being served by an external CDN is correct.

HSTS could easily stop a CDN from picking up a bad version during a DNS hijack.

0 comments

MAS's CDN that is. The same CDN they were using before the hack even happened.

But it being an external CDN means that there is no indication that the actual servers they have control of were tampered with. The possibility that HSTS could have saved the day is just as valid. There is no indication that the CDN got these incorrect files with any kind of encryption or signing.

ryanlol11y ago

So CDN just works without having the SSL certs?

1 more reply

j / k navigate · click thread line to collapse

0 pointsDylan1680711y ago0 comments

Not if the other comment by... you... about it being served by an external CDN is correct.

HSTS could easily stop a CDN from picking up a bad version during a DNS hijack.

0 comments

ryanlol11y ago

MAS's CDN that is. The same CDN they were using before the hack even happened.

Dylan16807OP11y ago

ryanlol11y ago

So CDN just works without having the SSL certs?

1 more reply

j / k navigate · click thread line to collapse