Vu la révélation de Malwarebytes, changer de fournisseur de certificat serait rassurant plutôt que rester chez GoDaddy !Phil35 wrote: ↑25 Nov 2021, 09:38 donc valide cf aussi la copie d'écran.
En revanche on peut se poser la question :
Mais pourquoi aller chez GoDaddy.com ? en France y a des "registrars" tout à fait correct. non ?
D'autant plus quand on lit cela date de 2 jours : https://blog.malwarebytes.com/hacking-2 ... reach/amp/ un tel problème de sécurité chez GoDaddy.
Hallucinant pour une telle société :
“It appears that GoDaddy was storing sFTP credentials either as plaintext, or in a format that could be reversed into plaintext. They did this rather than using a salted hash, or a public key, both of which are considered industry best practices for sFTP. This allowed an attacker direct access to password credentials without the need to crack them.”
Certificate expired!!
Re: Certificate expired!!
Re: Certificate expired!!
@DMar : 100% d'accord
Netatmo Weather Station + External module + Rain gauge + Internal smart cam + presence cam
-
- Posts: 3089
- Joined: 02 Jan 2014, 11:20
Re: Certificate expired!!
Hello everyone,
Thank you for having reported this certificate issue. Be assured we were already alerted and we did everything possible to renew it as fast as we could.
Regarding the usage of GoDaddy to issue our certificate, it's still perfectly safe and let me explain why: there is a difference between the Certificate Authority of GoDaddy and their WordPress services. If there had been a security breach in their CA, the root certificate would have been revoked by the editors which would have made all encrypted connections attempts impossible using a modern web browser.
That being said, we were already aware of that incident at GoDaddy, but our services were not impacted at all. There is no reason to use another Certificate Authority provider.
Thank you for having reported this certificate issue. Be assured we were already alerted and we did everything possible to renew it as fast as we could.
Regarding the usage of GoDaddy to issue our certificate, it's still perfectly safe and let me explain why: there is a difference between the Certificate Authority of GoDaddy and their WordPress services. If there had been a security breach in their CA, the root certificate would have been revoked by the editors which would have made all encrypted connections attempts impossible using a modern web browser.
That being said, we were already aware of that incident at GoDaddy, but our services were not impacted at all. There is no reason to use another Certificate Authority provider.
Brieuc - Netatmo Team