 |
Post AxqVLdOhzRRYXGtaU4 by [email protected] |
 |
More posts by [email protected] |
|
Post #Axq0wRP4RwUhTK8TlA by [email protected] |
|
0 likes, 3 repeats |
|
|
|
People in Internet security circles are sounding the alarm over the issuance of… |
|
|
|
Post #Axq3wTPZHeC1Yv4jr6 by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@dangoodinLooks like someone was testing and used 1.1.1.1 as a dummy IP (along … |
|
|
|
Post #Axq3wTXMoeQnx6iy0m by [email protected] |
|
0 likes, 0 repeats |
|
|
|
catch the mis-issued certificate before it was trusted by Windows."Surely … |
|
|
|
Post #Axq3wTd2TYy6EhNUqu by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@yadt There's a transparency log so companies can catch these kinds of thin… |
|
|
|
Post #Axq3wTjQ5q4YYUManY by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@dangoodinI don't understand the logistics of how you expect that check to … |
|
|
|
Post #Axq3wTq9gnSatNVyIS by [email protected] |
|
0 likes, 0 repeats |
|
|
|
(and other root programs) to *trust* CAs to issue certificates, but also to *ve… |
|
|
|
Post #Axq3wWaJU9ZRP77rWK by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@dangoodinBefore the root CA was trusted there were no certificates, so nothing… |
|
|
|
Post #Axq3wX0BvwGqhNEWrA by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@yadt The TLS transparency log was designed for this very purpose. You can read… |
|
|
|
Post #Axq3wX7HVZwT3MYBuK by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@dangoodinThanks, I am aware. But you seem to be confused.CT logs do not (and c… |
|
|
|
Post #Axq3wXDJ9AlLM3N0Ii by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@yadt I just changed the wording in my post. |
|
|
|
Post #Axq3wXTcAXo4Ad01ia by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@dangoodinEven then, the "before" quoted from the article would be im… |
|
|
|
Post #Axq47mXGWLs83n4Hg0 by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@dangoodin certificates don't contain private keys. Thank god, private keys… |
|
|
|
Post #Axq4ELKw2mqDjPQgSm by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@dangoodin UGH, here's the patch, "if ip == "1.1.1.1": # &l… |
|
|
|
Post #Axq4EniIXWANjyZjlY by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@dangoodin but ClownFlare is the bestest at security! Look at their lava lamps!… |
|
|
|
Post #Axq57aODmLXqLQJAau by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@dangoodin "The certificates, issued in May, can be used to decrypt domain… |
|
|
|
Post #Axq57aUxNIvsgJSY5o by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@dalias Sorry about that. Already fixed by the time you called it out. |
|
|
|
Post #Axq5sXeVm1EzSvJmdM by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@dangoodin And sorry for snapping more aggressively than was probably appropria… |
|
|
|
Post #Axq5sXkBQvmHkVyJTU by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@dalias All good. I hold others to a high standard, so only fair I hold myself … |
|
|
|
Post #Axq5sf9bsnHAjOvDZw by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@cdn79 You're right. Fixed. I temporarily forgot how TLS works. Thanks for … |
|
|
|
Post #Axq67x5TUPFkh6HIkS by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@dalias And you're right. This is detail isn't accademic. It's cruc… |
|
|
|
Post #Axq6Uf5UZtsNWt7CFs by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@dangoodinThanks, that makes more logical sense. My subjective opinion is that … |
|
|
|
Post #Axq6XGPEneKlqkajsu by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@rootwyrm @dangoodin But, in this case, Cloudflare had no hand in this.This was… |
|
|
|
Post #Axq6Z4pKozl2W7fA6y by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@yadt @dangoodin For several years, I and other experts have warned Microsoft a… |
|
|
|
Post #Axq8s3NsbsDxS7zuaW by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@agwa@dangoodin That I consider entirely fair. |
|
|
|
Post #AxqDnNVWrcDYBfAJea by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@[email protected] CAs suck ass 💔 dogshit unused DANE my beloved❤… |
|
|
|
Post #AxqDpp5ZHvlcJABjI8 by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@agwa @dangoodin @yadt I remember something like IE trusting some certs despite… |
|
|
|
Post #AxqDq55nmpSdwWQ8sS by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@navi @rootwyrm @dangoodinThe problem started with letting them declare for the… |
|
|
|
Post #AxqDrhEnRw4eXNOjmS by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@leeloo @navi @dangoodin that's why you have to buy a proxy from a zero tru… |
|
|
|
Post #AxqDsTdFWK9ed7CwYi by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@dangoodin Ah yes, the reason I don't trust large corporations for DNS |
|
|
|
Post #AxqFOH27zuE6mCZQA4 by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@dangoodin Let's drag out this oldie but goodie again... https://bugzilla.m… |
|
|
|
Post #AxqKqNqwje87o3Yzcu by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@cdn79 @dangoodin The Feeling When buying an S/MIME cert and the vendor offers … |
|
|
|
Post #AxqVLdOhzRRYXGtaU4 by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@me @dangoodin DANE requires DNSSEC, though, which still isn't adopted wide… |
|
|
|
Post #AxqjRHrGNum2pOqE7M by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@[email protected] A small typo here "DNS over HTTPS or DNS over … |
|
|
|
Post #AxqjY0kyMkW3oe6ahs by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@dangoodin My guess is someone is just making a test cert and didn't know t… |
|
|
|
Post #AxqlnlPzMTK2mnvgVE by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@dangoodin, anyone remember DigiNotar?https://blog.1password.com/who-do-you-tru… |
|
|
|
Post #AxqlnlZCoCh9FOF2rw by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@jpgoldberg @dangoodin And remember the bogus Microsoft code-signing certificat… |
|
|
|
Post #AxqpY5pu50elIKplfk by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@Nimbius666 @dangoodin the certificate transparency logs have benefitted the ba… |
|
|
|
Post #AxqphXfXy0YyDuUlt2 by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@dangoodin @thegibson |
|
|
|
Post #AxqpjSc7jVX57koDZY by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@mweiss @me @dangoodin I don't know anything about this but the name is sup… |
|
|
|
Post #AxqzrtkphydF9nXq4G by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@jawnsy @me @dangoodin thanks 🙂 I was pretty proud of that one, both the nam… |
