Comment on Hetzner Server auction worth it?
appel@whiskers.bim.boats 5 months ago
Hetzner got caight MITM https traffic from their servers recently or something similar if i recall
Comment on Hetzner Server auction worth it?
appel@whiskers.bim.boats 5 months ago
Hetzner got caight MITM https traffic from their servers recently or something similar if i recall
waigl@lemmy.world 5 months ago
Really? That’s a rather big claim, and would change a lot for me if true. Do you have anything by the way of a source?
Also, how do you snoop https traffic without one of the parties just handing you their keys?
RaineVixen@programming.dev 5 months ago
It was Hetzner and Linode. Likely police wiretapping.
waigl@lemmy.world 5 months ago
Wait, they managed to forge Let’s Encrypt certificates? While it explains the attack on TLS (though technically not https as originally claimed, not that it makes much of a difference), that’s even worse…
Darkassassin07@lemmy.ca 5 months ago
If you have control over the host, getting a legit valid cert is trivial.
They’re a hosting company. It wouldn’t take much for them to temporarily have a vps grab some certs for domains that already point at you.
njordomir@lemmy.world 5 months ago
That was fascinating. Thank you for sharing. I’m still early on my self-hosting journey, but a year or two ago I would have understood next to nothing of that. :D
TCB13@lemmy.world 5 months ago
It’s true, links already shared by others, the thing is that I’m sure other providers would’ve done the same.
hayalci@fstab.sh 5 months ago
Yeah, that’s the key point. They weren’t trawling all the servers, they probably had a wiretap order for one specific server. As a legal business, you can’t just say no to police because you don’t like mitm.