AI Persuasion

Something rather significant happened on the Internet back in May, and it seems that someone only noticed it on September 3rd. [Youfu Zhang] dropped a note on one of the Mozilla security mailing lists, pointing out that there was a certificate issued by Fina for 1.1.1.1. That IP address may sound familiar, and you may have questions.

First off, yes, TLS certificates can be issued for IP addresses. You can even get a numeric TLS certificate for your IP address, via Lets Encrypt. And second, 1.1.1.1 sounds familiar because that’s CloudFlare’s public DNS resolver. On that address, Cloudflare notably makes use of DoH, a charming abbreviation for DNS over HTTPS. The last important detail is that Cloudflare didn’t request or authorize the certificate. Significant indeed.

This is a high-profile example of the major weakness of the TLS certificate system. There are over 300 trusted certificate authorities in the Microsoft Root Certificate Program, Financijska agencija (Fina) being one of them. All it takes is for one of those trusted roots to issue a bad certificate, to compromise that system. That it took four months for someone to discover and point out the problem isn’t great. Continue reading “This Week In Security: DNS Oops, Novel C2s, And The Scam Becomes Real” →

Hackaday

1 Articles

This Week In Security: DNS Oops, Novel C2s, And The Scam Becomes Real

Search

Never miss a hack

If you missed it

Spy Tech: The NRO And Apollo 11

How Regulations Are Trying To Keep Home Battery Installs Safe

The Impending CRT Display Revival Will Be Televised

Jenny’s Daily Drivers: KDE Linux

Meta’s Ray-Ban Display Glasses And The New Glassholes

Our Columns

How Water Vapor Makes Smartphones Faster

FLOSS Weekly Episode 848: Open The Podbay Doors, Siri

Retrotechtacular: The Ferguson System

2025 Hackaday Superconference: Announcing Our Workshops And Tickets

Hackaday Links: September 21, 2025

Search

Never miss a hack

Subscribe

If you missed it

Our Columns