|
spankmeister posted:When they said Free Kevin Mitnick they meant it. You get one with every phishing test. I'll take one!
|
#
?
May 3, 2024 22:43
|
|
|
|
| # ? May 18, 2024 22:46 |
|
|
Wiggly Wayne DDS posted:not that i recall, but uh spoilers i've never bought an avatar for myself (maybe the very first? idr). or gangtags. this username is also from a random namechange thread... i guess its just the face in the gif that short circuited my brain anyway keep up the good work champ
|
|
#
?
May 3, 2024 22:52
|
|
|
Wiggly Wayne DDS posted:not that i recall, but uh spoilers i've never bought an avatar for myself (maybe the very first? idr). or gangtags. this username is also from a random namechange thread... just a minor thing, it'll be fine till 2027...
|
|
#
?
May 3, 2024 23:07
|
|
|
Antigravitas posted:CSR must be included in an .nfo file. The private signing key is also an x86 executable that prints "YCAPOS BITHC" Captain Foo posted:the lmaos will continue until distrust occurs
|
|
#
?
May 3, 2024 23:17
|
|
|
Getting "I don't recall" vibes from "we foresee no impact at this time".
|
|
#
?
May 3, 2024 23:17
|
|
|
I did not have public key exchanges with that web server
|
|
#
?
May 3, 2024 23:44
|
|
|
fins posted:just a minor thing, it'll be fine till 2027... "Identrust posted:A full incident report detailing the root cause analysis, corrective actions, and preventive measures will be supplied by May 17, 2027
|
|
#
?
May 4, 2024 00:59
|
|
|
Raymond T. Racing posted:I did not have public key exchanges with that web server
|
|
#
?
May 4, 2024 01:09
|
|
|
ahaha
|
|
#
?
May 4, 2024 01:10
|
|
|
:paulie walnuts laugh:
|
|
#
?
May 4, 2024 01:46
|
|
|
|
|
#
?
May 4, 2024 01:58
|
|
|
lmao
|
|
#
?
May 4, 2024 02:03
|
|
|
goddamn best image ever hosted as an SA attachment, maybe?
|
|
#
?
May 4, 2024 14:05
|
|
|
securritee breach
|
|
#
?
May 4, 2024 15:13
|
|
|
locked and loaded... just say the word thread
|
|
#
?
May 4, 2024 18:07
|
|
|
namlosh posted:locked and loaded... just say the word thread thread gonna need you to hack into the Mozilla root store and do the changes
|
|
#
?
May 4, 2024 18:12
|
|
|
I’m not feeling cheeky enough to post a disabling diff, but maybe if I have a few beers tonight
|
|
#
?
May 4, 2024 18:32
|
|
|
Raymond T. Racing posted:thread I need better grammar... I'm curious to see if anything will break if I keep it like this for a while. If everyone did the same, wouldn't that be functionally equivalent to (at least one of the roots) distrusting Entrust? e: grammar again
|
|
#
?
May 4, 2024 18:37
|
|
|
namlosh posted:If everyone did the same, wouldn't that be functionally equivalent to (at least one of the roots) distrusting Entrust? yes, that change is exactly what would happen in a disabling patch
|
|
#
?
May 4, 2024 18:40
|
|
|
namlosh posted:I need better grammar... I'm curious to see if anything will break if I keep it like this for a while.
|
|
#
?
May 4, 2024 18:46
|
|
|
hey! ... oh yeah, you're right
|
|
#
?
May 4, 2024 19:00
|
|
|
The Fool posted:hey!
|
|
#
?
May 4, 2024 19:02
|
|
|
im reading through the e-tugra incident and jfc. what the gently caress, even. i think this thread found me a new hobby of following the CA Program issues in the mozilla bugzilla. at least its not all total poo poo, just a few excessively awful instances.
|
|
#
?
May 4, 2024 20:05
|
|
|
digitalist posted:
Double major in English and CS here. This is what we in the biz call "write-only documentation".
|
|
#
?
May 4, 2024 20:17
|
|
|
necrotic posted:im reading through the e-tugra incident and jfc. what the gently caress, even. to some extent, this is the exact purpose of the bugzilla being public
|
|
#
?
May 4, 2024 20:37
|
|
|
Arsenic Lupin posted:Double major in English and CS here. This is what we in the biz call "write-only documentation".   Wiggly Wayne DDS posted:i already checked what places run entrust certs and its nothing important for 99% of the web, unless you're looking into entrust's own sites or specific enterprise customers And government clients, I know the Canadian govt has a bunch of certs with them, and Quebec, and I'll assume other provincial governments are also in the same boat thanks to public procurement processes which privilege the lowest bid that check the right boxes.
|
|
#
?
May 4, 2024 21:25
|
|
|
digitalist posted:and Quebec Wiggly Wayne DDS posted:its nothing important for 99% of the web
|
|
#
?
May 4, 2024 21:29
|
|
|
it's of utmost importance for le web
|
|
#
?
May 4, 2024 21:30
|
|
|
fins posted:just a minor thing, it'll be fine till 2027... that's the second time-travelling CA in two days, see also the certificate policy of the future!
|
|
#
?
May 4, 2024 21:32
|
|
|
|
|
#
?
May 4, 2024 21:34
|
|
|
SeaborneClink posted:TrustCor because Rachel McPherson couldn't keep her foot out of her mouth and imploded a CA by being combative in all her responses to CA/B I've been reading this for like 2 hours. Its hard to pull quotes that do it justice.
|
|
#
?
May 4, 2024 21:41
|
|
|
Sectigo has a PKI podcast? https://soundcloud.com/tim-callan/r...=social_sharing
|
|
#
?
May 4, 2024 21:48
|
|
|
Please Keep Incriminatingyourselves
|
|
#
?
May 4, 2024 21:55
|
|
|
Captain Foo posted:to some extent, this is the exact purpose of the bugzilla being public yup! one of the things I’m unclear about with the e-tugra case is that the original pen test (in Turkish) has way more issues on the chart than the English translation, and that doesn’t appear to be addressed at all as part of the issue. did I miss something while reading, or was it simply ignored since it was decided to remove them anyway (I think?). I definitely have a newfound appreciation for the effort put into maintaining trust in this bonkers ecosystem without just jumping to a witch hunt. it shows how a trust ecosystem can work, but also how it can break down.
|
|
#
?
May 4, 2024 22:10
|
|
|
spankmeister posted:Sectigo has a PKI podcast? e: went through all of the podcasts this year (started from predictions 2024 really), parts i thought were worth noting: 20240326 Root Causes 371 - Bugzilla Bloodbath quote:21:07 I can tell you from a little bit of searching that I'm aware of two CAs that have noncompliance problems in the form of these other ones who have not written up bugs yet. quote:10:20 And, you know, I was asked a question very directly in last October's, the October 2023 face-to-face by one of the browsers. What are the circumstances under which you would allow a delayed revocation? Wiggly Wayne DDS fucked around with this message at 02:13 on May 5, 2024 |
|
#
?
May 4, 2024 23:31
|
|
|
Human health and safety are sometimes the responsibility of government agencies though.
|
|
#
?
May 5, 2024 03:41
|
|
|
MononcQc posted:Human health and safety are sometimes the responsibility of government agencies though. Yes, but that would be a relatively straightforward claim for Entrust to make, and they did not
|
|
#
?
May 5, 2024 03:45
|
|
|
Captain Foo posted:Yes, but that would be a relatively straightforward claim for Entrust to make, and they did not yeah of course not. that would require a level of competence in communication they do not appear capable of
|
|
#
?
May 5, 2024 03:50
|
|
|
So I'm reading through the Globaltrust Certification Policy and, from what I understand it's just suppose to state "what" they do, and the Certification Policy Statement is where they demonstrate how they accomplish the what. I guess it makes it pretty dry reading, is there a matrix somewhere I could compare or check boxes to make sure they're at least covering the necessary bases?quote:5.1 Physical controls / Bauliche Sicherheitsmaßnahmen Fascinating read. Curious to actually get into the meat of the matter, so off I went to find the GLOBALTRUST Certificate Security Policy, shouldn't this be called the Certification Policy Statement? Anyway, then I stumbled on this, which is actually on the first page or so of the Certification Policy document, quote:The GLOBALTRUST Certificate Security Policy is not publicly available. / Die GLOBALTRUST Certificate Security Policy ist nicht öffentlich verfügbar So, no information on what they're actually doing to ensure BR are being met is actually available to the public? Do I need to request it? Is that normal? This all seems, bad.
|
|
#
?
May 5, 2024 03:52
|
|
|
|
| # ? May 18, 2024 22:46 |
|
|
I always had some sense that PKI depending on trusted root CAs was ripe for Bad Things to happen but I didn't expect multiple CAs to have worse security than my grandma's wordpress.
|
|
#
?
May 5, 2024 04:31
|
|