On 30/08/16 18:45, Percy wrote:
https://crt.sh is down. Maybe someone can check with comodo to see whether they
got DDOSed?
Sorry about that. crt.sh is back up now.
It wasn't a DDOS attack.
Every so often something goes awry with the database replication
(between crt.sh's master database and front-end slave databases), which
causes all of the front-end databases to crash. Somebody (usually me,
but I've been out for most of today) is normally around to restart the
crashed databases. I don't know why our NOC team didn't fix this
several hours ago, but I intend to find out. Perhaps there are some
improvements we need to make to our internal monitoring systems.
Here are the Google CT for the possibly mis-issued certs mentioned in this
thread. It would be a lot harder to take down the Google CT.
I can't disagree with that statement. :-)
That said, I'll see what I can do to improve crt.sh's uptime. I already
have one offer of help...
https://twitter.com/FiloSottile/status/770642205304352768
Possible fake cert for Github
https://www.google.com/transparencyreport/https/ct/#domain=github.io&incl_exp=false&incl_sub=false&issuer=lPrsb9Gbn4s%3D
Possible fake cert for Alibaba, the largest commercial site in China
https://www.google.com/transparencyreport/https/ct/#domain=alicdn.com&incl_exp=false&incl_sub=false&issuer=lPrsb9Gbn4s%3D
Possible fake cert for Microsoft
https://www.google.com/transparencyreport/https/ct/#domain=cloudapp.net&incl_exp=false&incl_sub=false&issuer=lPrsb9Gbn4s%3D
--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
