From what I see in the article it seems it’s a classic case of Croatian public sector IT being incompetent. But it doesn’t seem to be that big of an issue. They were only created for internal testing and were immediately revoked. It’s still not good, but the opportunity for exploit here to me seems extremely low.
… what? How the hell does a CA let that slip?
Welcome to the age when the only correct infra is the one you self-host.
CAs are like BGP, it’s trust me bro all the way down