|
if let's encrypt destroys paypal, it'll have achieved far more than it set out to do.
|
#
?
Mar 24, 2017 13:39
|
|
|
|
| # ? May 18, 2024 22:23 |
|
|
im the one that has fraud in the name
|
|
#
?
Mar 24, 2017 13:56
|
|
|
ate all the Oreos posted:im the one that has fraud in the name one of the ways to phish people is through an account recovery or fraud protection flow, since most haven't gone through it, and some will be spooked enough by it to not think clearly my parents got a fake ios app subscription receipt with a very prominent "cancel and manage subscriptions" link and correctly knew it was phishing but they're def. above average
|
|
#
?
Mar 24, 2017 14:19
|
|
|
Cocoa Crispies posted:one of the ways to phish people is through an account recovery or fraud protection flow, since most haven't gone through it, and some will be spooked enough by it to not think clearly yeah i know i get those all the time, i just think it's funny to see "paypal-fraud-site.cz" or whatever
|
|
#
?
Mar 24, 2017 14:23
|
|
|
amazing
|
|
#
?
Mar 24, 2017 14:33
|
|
|
lmao that sounds like so much work
|
|
#
?
Mar 24, 2017 14:35
|
|
|
Cocoa Crispies posted:lmao that sounds like so much work would be much easier to just put some ativan in your mouth and drink water
|
|
#
?
Mar 24, 2017 14:40
|
|
|
what do those kinds of people do for money? do they think wendy's doesn't have a file on them? if you're going freegan you might not be getting enough nutrients to run your own brain right or something if i was using github and jenkems over tor i would probably hate life too
|
|
#
?
Mar 24, 2017 15:26
|
|
|
idk what the gently caress he's talking about the second I go into incognito mode YouTube serves me ads for Russian toothpaste so whatever high tech tracking they're doing is clearly poo poo
|
|
#
?
Mar 24, 2017 15:30
|
|
|
it's almost as if someone that goes to all that trouble to hide browsing habits that nobody cares about* is paranoid as hell and sees patterns where none exist *unless he's a pedo or something, but i'd put odds on him being a plain old 
|
|
#
?
Mar 24, 2017 15:44
|
|
|
Chris Knight posted:amazing 2017 and this linux user still can't get sound in his browser
|
|
#
?
Mar 24, 2017 15:56
|
|
|
BillWh0re posted:2017 and this linux user still can't get sound in his browser
|
|
#
?
Mar 24, 2017 16:11
|
|
|
tbh that linux user doesn't get many things.
|
|
#
?
Mar 24, 2017 16:14
|
|
|
Ur Getting Fatter posted:idk what the gently caress he's talking about the second I go into incognito mode YouTube serves me ads for Russian toothpaste so whatever high tech tracking they're doing is clearly poo poo That's what they want you to think!
|
|
#
?
Mar 24, 2017 16:31
|
|
|
"hey you need to get on this old service that nobody remembers the password to because reasons" "hmm ok, let me see if i can find the password somewhere or reset it... oh hey look a text file... with an unsalted MD5 in it, cool" i love being able to just google MD5's it just makes me giggle 
|
|
#
?
Mar 24, 2017 16:31
|
|
|
Google's tossing all of the Symantec certs
|
|
#
?
Mar 24, 2017 16:46
|
|
|
Ur Getting Fatter posted:idk what the gently caress he's talking about the second I go into incognito mode YouTube serves me ads for Russian toothpaste so whatever high tech tracking they're doing is clearly poo poo but the audio could infect your sound drivers and spy on you!!! i'm just imagining this guy is like Monk but instead of dirt he's freaking out and yelling "attack surface ATTACK SURFACE AAAA"
|
|
#
?
Mar 24, 2017 16:50
|
|
|
no they aren't. keep reading quote:In addition, we propose to require that all newly-issued certificates must have validity periods of no greater than 9 months (279 days) in order to be trusted in Google Chrome, effective Chrome 61 quote:This proposal allows for web developers to continue to use Symantec issued certificates, but will see their validity period reduced. This ensure that web developers are aware of the risk and potential of future distrust of Symantec-issued certificates, should additional misissuance events occur, while also allowing them the flexibility to continue using such certificates should it be necessary.
|
|
#
?
Mar 24, 2017 16:51
|
|
|
Disgusting abuse of your power! You are punishing 30,000 websites, 99.9%+ of whom are completely legitimate, in order to exact revenge against Symantec. LEAVE THE INNOCENT BYSTANDERS ALONE!!!! I propose you block all *new* Symantec certificates until they go back and re-validate (AT THEIR EXPENSE) all the 30,000 websites, and revoke any that are found incorrect. Be responsible with the power you have, and mindful of the massive collateral damage your actions cause! You've already just destroyed wosign and startssl wreaking havoc across their entire user base: ***WE*** SUFFER when *you* attack CAs... so STOP IT!!!!
|
|
#
?
Mar 24, 2017 17:04
|
|
|
Nah, it was a mistake for them to conflate transport layer security with trustiworthiness of the entity in the first place. HTTPS everywhere should be the standard. If e-commerce companies want to create a further layer on top of that to certify trustworthiness then they should do it.
|
|
#
?
Mar 24, 2017 17:04
|
|
|
Its not the CAs job to stop phishing, their job is to verify ownership.
|
|
#
?
Mar 24, 2017 17:08
|
|
|
yeah good luck getting regular people to understand encryption vs trust. especially after its been drilled into their head to look for the lock without explaining what the lock means.
|
|
#
?
Mar 24, 2017 17:08
|
|
|
Subjunctive posted:no they aren't. keep reading Yes they are: quote:To restore confidence and security of our users, we propose the following steps: They'll all have to be reissued and replaced. I mean, people can still use them, but they won't be trusted. El Mero Mero fucked around with this message at 17:25 on Mar 24, 2017 |
|
#
?
Mar 24, 2017 17:22
|
|
|
El Mero Mero posted:Yes they are: ah yes, you're right, I didn't realize you just meant the current ones
|
|
#
?
Mar 24, 2017 17:29
|
|
|
so these are all in the Safe Browsing list now, right?
|
|
#
?
Mar 24, 2017 17:30
|
|
|
https://twitter.com/Babylonian/status/845027732845084672
|
|
#
?
Mar 24, 2017 17:37
|
|
|
my favourite part about that thread is that one guy pointing out google has their own CA now and absolutely nobody taking the bait there just might be hope for humanity left
|
|
#
?
Mar 24, 2017 17:38
|
|
|
go to the sdkfjdsflsdfkl
|
|
#
?
Mar 24, 2017 17:42
|
|
|
Margo: What's happening? Hal: It's replicating, eating up memory: what do I do? The Plague: Type 'sdkfjdsflsdfk', you idiot. I'll head them off at the pass.
|
|
#
?
Mar 24, 2017 17:50
|
|
|
Shaggar posted:yeah good luck getting regular people to understand encryption vs trust. especially after its been drilled into their head to look for the lock without explaining what the lock means. remember how last time you were making this dumb argument it was pretty readily disproven by actual research (Subjunctive posted I think?) showing that no, people don't give a gently caress about the lock or even look at the address bar, and then you just kinda didn't respond to that remember that
|
|
#
?
Mar 24, 2017 18:33
|
|
|
no I don't. all I remember is people looking at the lock and thinking it means its ok
|
|
#
?
Mar 24, 2017 18:36
|
|
|
don't quote shaggar
|
|
#
?
Mar 24, 2017 18:41
|
|
|
https://twitter.com/CiscoSecurity/status/845331129523748868 100% breach detection yo
|
|
#
?
Mar 24, 2017 18:59
|
|
|
OSI bean dip posted:https://twitter.com/CiscoSecurity/status/845331129523748868 Out of all the breaches we detected, we detected 100% of them.
|
|
#
?
Mar 24, 2017 19:11
|
|
|
https://twitter.com/amallek/status/845337101923205120 Co-Founder/CEO of CertCenter hrm they seem to resell only symantec certs shocking
|
|
#
?
Mar 24, 2017 19:18
|
|
|
Wiggly Wayne DDS posted:https://twitter.com/amallek/status/845337101923205120 https://twitter.com/amallek/status/845339483360972801
|
|
#
?
Mar 24, 2017 19:24
|
|
|
pretend i posted that ms paint drawing of the guy pretending to be retarded until people walk away and then going "heh now they think I'm retarded :smug" because i can't find it
|
|
#
?
Mar 24, 2017 19:30
|
|
|
lmao
|
|
#
?
Mar 24, 2017 19:38
|
|
|
Regarding the whole ISP's selling browsing history etc, I'm seeing a lot of people recommend a VPN as a solution. What keeps the ISP from just MITMing your traffic?
|
|
#
?
Mar 24, 2017 19:44
|
|
|
|
| # ? May 18, 2024 22:23 |
|
|
how would they do that to any arbitrary endpoint without you having to manually trust their certificates?
|
|
#
?
Mar 24, 2017 19:48
|
|
