Mastouille

0 message0 participant0 message aujourd’hui

Erik van Straten<a href="https://social.wildeboer.net/@jwildeboer" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@jwildeboer</a> wrote: "Dear <a href="https://infosec.exchange/tags/Letsencrypt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Letsencrypt</a>, you helped secure millions and millions of servers"They never did. Since Forward Secrecy is used (which is good), the one and only purpose of an X.509 certificate is to authenticate an entity, based on unique and *useful* identification of said entity.Have a look at <a href="https://crt.sh/?q=968717.com" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://crt.sh/?q=968717.com</a> for the "usefulness" of identification (and waste of resouces).Or what about <a href="https://crt.sh/?q=localbit.com" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://crt.sh/?q=localbit.com</a> which includes certificates for <a href="https://ww25.ww38.ww38.ww38.ww16.ww25.ww25.ww38.localbit.com" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://ww25.ww38.ww38.ww38.ww16.ww25.ww25.ww38.localbit.com</a>? (I can give you zillions of examples like this).Although a DV-cert may suffice for server to server communication (*), a domain name simply does not suffice for useful identification by humans.Fix: <a href="https://infosec.exchange/@ErikvanStraten/113079966331873386" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://infosec.exchange/@ErikvanStraten/113079966331873386</a>.(*) Certificate misissuances: <a href="https://infosec.exchange/@ErikvanStraten/112914050216821746" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://infosec.exchange/@ErikvanStraten/112914050216821746</a>.<a href="https://infosec.exchange/tags/DVcerts" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DVcerts</a> <a href="https://infosec.exchange/tags/DomainValidation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DomainValidation</a> <a href="https://infosec.exchange/tags/BrowsersSuck" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BrowsersSuck</a> <a href="https://infosec.exchange/tags/DV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DV</a> <a href="https://infosec.exchange/tags/LetsEncrypt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#LetsEncrypt</a> <a href="https://infosec.exchange/tags/GoogleIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#GoogleIsEvil</a> <a href="https://infosec.exchange/tags/BigTechIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BigTechIsEvil</a> <a href="https://infosec.exchange/tags/CloudflareIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CloudflareIsEvil</a> <a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Phishing</a>

Erik van Straten<a href="https://infosec.exchange/@0xF21D" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@0xF21D</a> : Cloudflare is evil anyway.Cloudflare reverse-proxies (or -proxied):- cloudflare.com.save-israel·org - ns.cloudflare.com.save-israel·org - albert.ns.cloudflare.com.save-israel·org - sydney.ns.cloudflare.com.save-israel·org -I don't know whether any of these domains were or are malicious, but such domain names are insane; expect evilness.See also: <a href="https://crt.sh/?Identity=save-israel.org" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://crt.sh/?Identity=save-israel.org</a>Tap "Alt" in the images for more info.<a href="https://infosec.exchange/@malanalysis" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@malanalysis</a> <a href="https://infosec.exchange/tags/CloudflareIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CloudflareIsEvil</a> <a href="https://infosec.exchange/tags/BigTechIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BigTechIsEvil</a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AitM</a> <a href="https://infosec.exchange/tags/MitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MitM</a> <a href="https://infosec.exchange/tags/DV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DV</a> <a href="https://infosec.exchange/tags/DVCerts" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DVCerts</a> <a href="https://infosec.exchange/tags/DVCertsSuck" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DVCertsSuck</a> <a href="https://infosec.exchange/tags/BrowsersSuck" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BrowsersSuck</a>

Erik van Straten<a href="https://mastodon.nl/@ErikSchouten73" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@ErikSchouten73</a> : dat soort adviezen werken in de praktijk *NIET* voor heel veel mensen.En terecht, alles in dat soort adviezen kan door criminelen worden omzeild.Het internet is verziekt door big tech.Gegeven een domeinnaam moeten internetters, om te beginnen, exact begrijpen hoe domeinnamen in elkaar zitten (*), iets dat voor veel internetters onbegrijpelijke materie is.En *áls* internetters dat al snappen, moeten zij op raadselachtige wijze zien te achterhalen of die domeinnaam van de *KENNELIJKE ORGANISATIE* is. Dat is allemaal informatie die door Big Tech wordt *ACHTERGEHOUDEN*.(*) Denk ook aan phishing websites zoals:   https:⧸⧸lîdl·be/loginZie de zojuist gemaakte screenshot van die URL (link - indien correct gespeld, dus met https:// en een punt erin) hieronder.<a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Phishing</a> <a href="https://infosec.exchange/tags/DVCerts" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DVCerts</a> <a href="https://infosec.exchange/tags/BigTechIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BigTechIsEvil</a> <a href="https://infosec.exchange/tags/GoogleIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#GoogleIsEvil</a> <a href="https://infosec.exchange/tags/BrowsersSuck" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BrowsersSuck</a> <a href="https://infosec.exchange/tags/CABForumSucks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CABForumSucks</a> <a href="https://infosec.exchange/tags/CABForumIsCorrupt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CABForumIsCorrupt</a>

Erik van Straten<a href="https://mastodon.online/@vwbusguy" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@vwbusguy</a> : non-ACME certs suck big time.However, now the internet has turned into a malicious phishing mess.People can no longer determine who is responsible for a website, and nobody cares.Google hosted fake websites (using ACME certs from Let's Encrypt) on their cloud servers called: • cancel-google[.]com • adsupport-google[.]com • helpdesk-google[.]comSee (Dutch) <a href="https://infosec.exchange/@ErikvanStraten/113837934294209517" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://infosec.exchange/@ErikvanStraten/113837934294209517</a>.Google also doesn't give a fsck about HSTS, see <a href="https://infosec.exchange/@ErikvanStraten/113856108585517842" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://infosec.exchange/@ErikvanStraten/113856108585517842</a>.Worse, last year a phishing site with a domain name containing "google" was proxied by Cloudflare - and had a "GOOGLE TRUST SERVICES" DV certificate.Did I mention that browsers suck and that Big Tech, making Big Money, is knowingly complicit to cybercrime?And did I mention that certificates were not invented to please admins?<a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Phishing</a> <a href="https://infosec.exchange/tags/DV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DV</a> <a href="https://infosec.exchange/tags/GoogleIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#GoogleIsEvil</a> <a href="https://infosec.exchange/tags/BigTechIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BigTechIsEvil</a> <a href="https://infosec.exchange/tags/GTS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#GTS</a> <a href="https://infosec.exchange/tags/BrowsersSuck" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BrowsersSuck</a> <a href="https://infosec.exchange/tags/AnonymousWebsites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AnonymousWebsites</a>

Erik van Straten<a href="https://comp.lain.la/users/7666" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@7666</a> : the TLS endpoint is a Cloudflare server (FISA section 702 tells Cloudflare to shut up about taps, exactly what Snowden warned for).TLS has been reduced to "first mile encryption".Let's Encrypt regularly issues certificates to fake sites (see "more information" in <a href="https://infosec.exchange/@ErikvanStraten/113079966331873386" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://infosec.exchange/@ErikvanStraten/113079966331873386</a>), and now they're going to kill OCSP.Edited to add: we need solutions. The world can perfectly do without people like you and the EFF who claim that everything works fine, (probably unknowingly )helping big tech earn billions from cybercrime.<a href="https://mastodon.social/@eff" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@eff</a> <a href="https://infosec.exchange/tags/DVSucks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DVSucks</a> <a href="https://infosec.exchange/tags/DVIsMostlyUseless" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DVIsMostlyUseless</a> <a href="https://infosec.exchange/tags/BrowsersSuck" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BrowsersSuck</a> <a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Phishing</a>

Recherches récentes

Options de recherche

Administré par :

Statistiques du serveur :

#browserssuck