Comment by 8organicbits
1 day ago
Ah you're right, they are always wildcard certs. I think I was mis-remembering https://news.ycombinator.com/item?id=15826906, which guesses names based on CT logs.
In either case, the subdomain you use in DNS requests are not private. Attackers can collect those from passive DNS logs or in other ways.
No comments yet
Contribute on Hacker News ↗