It's quite telling that infosec people are mostly talking about DNSSEC and what not instead of being like "Wait, you're telling me a cryptocurrency wallet handling millions every day did not deploy HSTS?"

No one's even surprised anymore.

Not deploying a simple HTTP header, something that literally every website security scan out there would flag, is apparently not a sign of crappy security practices, folks.

Sign in to participate in the conversation
Mastodon is a microblogging site that federates with most instances on the Fediverse.