
Truga posted:
looking forward to a bunch of sites having orange address bars on september 8th when this becomes mandatory and browsers start checking it

quote:
Relying Applications MUST NOT use CAA records as part of certificate validation.
Apr 5, 2017 11:11

huh, you're right. i missed that.
Apr 5, 2017 11:18

so what's the point
Apr 5, 2017 11:24

spankmeister posted:
so what's the point

e: i think the intent is that if all your certs are issued by diginotar, you put that into your zone. so if wosign then gets a csr for spankmeister.horse they'll know someone is trying to trick them and refuse to sign, even though someone wrote them a very convincing letter on your letterhead
Apr 5, 2017 11:26

Yeah when I actually bothered to read the introduction it made sense
Apr 5, 2017 11:27

also, the best thing:

quote:
CAs MUST document potential issuances that were prevented by a CAA

if someone tries to issue a cert for your domain but is prevented by caa, you get notified
Apr 5, 2017 11:32
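The check the two posts above describe (a CA consulting the domain's CAA records before it signs, refusing an unauthorised issuer, and keeping a record of what it refused), as an added Python example that is not code from this thread or from RFC 6844's authors. The zone data, domain names and issuer names are constructed, and the RFC 6844 lookup is simplified to the tree climb only (no CNAME/DNAME chasing):

```python
# Constructed zone data standing in for the resolver lookups a CA would make.
# Each entry: name -> list of (flags, tag, value) CAA records. Not real DNS.
ZONE = {
    "spankmeister.horse": [(0, "issue", "diginotar.example"),
                           (0, "iodef", "mailto:security@spankmeister.horse")],
    "example.net": [(0, "issue", "symantec.com"), (0, "issuewild", ";")],
    "locked.example": [(128, "future-tag", "x"), (0, "issue", "wosign.example")],
}
KNOWN_TAGS = {"issue", "issuewild", "iodef"}
prevented = []  # issuances refused because of CAA; the RFC says a CA must document these

def relevant_caa(name):
    """RFC 6844 s.4, simplified (no CNAME/DNAME chasing): walk from the name
    up toward the root; the first name holding any CAA records is the
    relevant RRset. Returns (name, records) or (None, [])."""
    labels = name.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if ZONE.get(candidate):
            return candidate, ZONE[candidate]
    return None, []

def refuse(domain, issuer, reason):
    prevented.append({"domain": domain, "issuer": issuer, "reason": reason})
    return False, reason

def may_issue(domain, issuer):
    """Decide whether the CA identified by issuer domain name `issuer` may
    issue for `domain` (a leading '*.' marks a wildcard request).
    Returns (allowed, reason); refusals are appended to `prevented`."""
    wildcard = domain.startswith("*.")
    source, records = relevant_caa(domain[2:] if wildcard else domain)
    if not records:
        return True, "no CAA records in the tree; issuance unrestricted"
    # A critical property (flag bit 128) the CA does not understand => refuse.
    for flags, tag, _ in records:
        if flags & 128 and tag not in KNOWN_TAGS:
            return refuse(domain, issuer, f"unknown critical tag {tag!r} at {source}")
    # issuewild governs wildcard names when present; otherwise issue applies.
    tag = "issuewild" if wildcard and any(t == "issuewild" for _, t, _ in records) else "issue"
    # Value syntax is "issuer-domain-name [; parameters]"; ";" alone allows nobody.
    allowed = [v.split(";")[0].strip().lower() for _, t, v in records if t == tag]
    if not allowed:
        return True, f"no {tag} property at {source}; issuance unrestricted"
    if issuer and issuer.lower() in allowed:
        return True, f"{issuer} authorised by {tag} at {source}"
    return refuse(domain, issuer, f"{tag} at {source} permits {allowed}, not {issuer}")
```

Each entry in `prevented` is the record the quoted "MUST document" clause asks for; a real CA would write it to its audit log and send it to the iodef contact.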

Daman posted:
in a competition like ictf a 1% difference is wholly attributable to being unlucky with their poo poo garbage infrastructure not scoring correctly one or two times.

so… y'all broke the rules because you didn't think you'd be caught, and then sent a million emails protesting that you didn't break the rules enough
Apr 5, 2017 13:16

Daman posted:
in a competition like ictf a 1% difference is wholly attributable to being unlucky with their poo poo garbage infrastructure not scoring correctly one or two times.

smooth move you cheating idiot
Apr 5, 2017 13:36

i remember a psychology study a while back that found that kids raised with "everyone gets a trophy because you're all winners!" did nothing for self-esteem; however, it did train them that the only place that matters is first place and anything else is for losers
Apr 5, 2017 13:52

ate all the Oreos posted:
i remember a psychology study a while back that found that kids raised with "everyone gets a trophy because you're all winners!" did nothing for self-esteem; however, it did train them that the only place that matters is first place and anything else is for losers

kids raised with `everyone gets a trophy` are emotionally stunted because their parents couldn't handle losing
Apr 5, 2017 13:57

Bonfire Lit posted:
certification authorities must check those records, browsers don't

except that wosign is gonna gently caress it up or not do it at all and still issue your cert. w/out client side enforcement it's a stupid waste of time.
Apr 5, 2017 14:41

Shaggar posted:
except that wosign is gonna gently caress it up or not do it at all and still issue your cert. w/out client side enforcement it's a stupid waste of time.

and then wosign gets murdered by google/mozilla/ms even harder i guess?
Apr 5, 2017 14:47

Cocoa Crispies posted:
so… y'all broke the rules because you didn't think you'd be caught, and then sent a million emails protesting that you didn't break the rules enough

not a Russian, ictf has always been garbage run by academic sperglords. you only have it as a dc qual because it's like the only a/d ctf regardless of quality. last year they literally made everyone write their own challenges lmbo
Apr 5, 2017 14:51

Shaggar posted:
except that wosign is gonna gently caress it up or not do it at all and still issue your cert. w/out client side enforcement it's a stupid waste of time.

so it's gonna get dropped. if symantec wasn't too big to fail, nothing is, lol
Apr 5, 2017 14:57

Wiggly Wayne DDS posted:
amidst a ton of broadcom vulns being publicly released by project zero there's a good part 1 of attacking their wifi stack https://googleprojectzero.blogspot.co.uk/2017/04/over-air-exploiting-broadcoms-wi-fi_4.html

very good read, punchline being broadcom having an MPU available and activated, but marking all memory as RWX
Apr 5, 2017 15:02

fins posted:
very good read, punchline being broadcom having an MPU available and activated, but marking all memory as RWX

Yeah i laughed when I got there
Apr 5, 2017 15:11

Shaggar posted:
except that wosign is gonna gently caress it up or not do it at all and still issue your cert. w/out client side enforcement it's a stupid waste of time.

the idea is forcing newly generated certs to abide by the DNS check without making all currently issued certs suspect - google and mozilla can still stop trusting certs from a CA independently of this

"client doesn't have to check the CA against the DNS record" is a simple enough workaround, can always update it later when all current certs have expired
Apr 5, 2017 15:32

specifying effective date ranges per CA in the DNS record would make client side enforcement doable.
Apr 5, 2017 15:37

Truga posted:
anyone posted about caa dns records yet? https://tools.ietf.org/html/rfc6844

Nice.
Apr 5, 2017 16:44

Shaggar posted:
specifying effective date ranges per CA in the DNS record would make client side enforcement doable.
Apr 5, 2017 17:09

ate all the Oreos posted:
i remember a psychology study a while back that found that kids raised with "everyone gets a trophy because you're all winners!" did nothing for self-esteem; however, it did train them that the only place that matters is first place and anything else is for losers

i mean duh
Apr 5, 2017 17:40

Bonfire Lit posted:
currently the rfc specifies the allowed issuer by domain name, so even if you added a time constraint parameter to the issue/issuewild property, that'd require the browsers to ship with a huge table mapping the allowed issuer "symantec.com" to all 47 or w/e root certs they control

sounds like the rfc is bad all around and should define a better mechanism for identifying CAs
Apr 5, 2017 18:07

also lol that that apparently means you have to allow Symantec and all their resellers instead of just one reseller.
Apr 5, 2017 18:09

check out this thread https://twitter.com/kennethlipp/status/849464271104815104
Apr 5, 2017 18:38

anthonypants posted:
check out this thread https://twitter.com/kennethlipp/status/849464271104815104

I need this in my life right now
Apr 5, 2017 18:41

anthonypants posted:
check out this thread https://twitter.com/kennethlipp/status/849464271104815104
Apr 5, 2017 18:45

anthonypants posted:
check out this thread https://twitter.com/kennethlipp/status/849464271104815104

lol and all but why in the world would you touch cop poop.
Apr 5, 2017 18:48

wonder if the IP address gave the game away
Apr 5, 2017 18:51

Shaggar posted:
lol and all but why in the world would you touch cop poop.

gonna be tremendous when they start being this careless with armed rpvs
Apr 5, 2017 18:51

yeah but there's no scenario here that ends with "oh, thank you citizen for reporting this opsec failure! we will remedy this immediately!". you're going to jail for "hacking" even for a responsible disclosure.
Apr 5, 2017 18:53

i'm so excited
Apr 5, 2017 18:55

and I just can't hide it
Apr 5, 2017 19:06

https://twitter.com/kennethlipp/status/849684722150256648
Apr 5, 2017 19:07

Shaggar posted:
you're going to jail for "hacking" even for a responsible disclosure.

yep
Apr 5, 2017 19:09

graph posted:
yep
Apr 5, 2017 19:20

there's some poo poo you don't touch

also http://www.crn.com/news/security/30.../0/1?itc=hp_ots

quote:
Cylance was the fastest-growing private cybersecurity company in 2015, according to the 2016 Inc. 5000, with $11.1 million in revenue in 2015 and a 7,613 percent three-year growth rate. The company has also landed a huge amount of venture capital funding, including $100 million in Series D funding in June, one of the largest by any security company last year.
Apr 5, 2017 19:24

jre posted:
and I just can't hide it

ba da-da da-da *da da da da da da*
Apr 5, 2017 19:24

OSI bean dip posted:
there's some poo poo you don't touch
Apr 5, 2017 19:26

oh jesus the IP to that thing is in one of the videos.
Apr 5, 2017 19:32

CRIP EATIN BREAD posted:
oh jesus the IP to that thing is in one of the videos.
Apr 5, 2017 19:34