Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

You should not expect a service which has been exposed to the open internet to be hidden.

If your last defense is that nobody knows the domainname, then you've lost. Not knowing the domainname shouldn't be any defense at all.




> You should not expect a service which has been exposed to the open internet to be hidden.

Of course not, but CT dramatically lowers the bar for attackers. That's what I mean.


It doesn't really, only when you need to hide subdomains for security reasons. Which you shouldn't do.

CT raises the bar for attackers since they will be logged into the CT if they try to MitM.

Any other attack is not made easier than without CT.




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: