This is a courtesy notice that if your company has Entrust-issued TLS certificates in load-bearing capacities, you would do well to figure out how you would move to either or both of a) another CA, or b) 90-day cert validity periods. Thank you. You may return to burning effigies of the Palo Alto product manager of your choice.

May 6, 2024 15:26
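The notice above asks operators to find Entrust-issued certificates and to know whether their lifetime already fits a 90-day rotation. This is an added example, not code from the thread: it runs that check over a parsed certificate, matching the issuer organization on the substring "entrust" (an assumption about how the issuer is named) and measuring the validity window; the self-signed certificate it builds is constructed test data so the check runs offline.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"strings"
	"time"
)

// Finding is what the notice asks an operator to know about each certificate.
type Finding struct {
	EntrustIssued bool // issuer organization names Entrust
	ValidityDays  int  // NotBefore..NotAfter in whole days
	OverNinety    bool // lifetime longer than the 90-day target
}

// Assess matches the issuer organization against "entrust" (case-insensitive) and measures the validity window.
func Assess(c *x509.Certificate) Finding {
	f := Finding{}
	for _, org := range c.Issuer.Organization {
		if strings.Contains(strings.ToLower(org), "entrust") {
			f.EntrustIssued = true
		}
	}
	f.ValidityDays = int(c.NotAfter.Sub(c.NotBefore).Hours() / 24)
	f.OverNinety = f.ValidityDays > 90
	return f
}

// ConstructedCert builds a self-signed stand-in (issuer == subject) so the check runs offline;
// the organization string is constructed test data, not a real Entrust certificate.
func ConstructedCert(issuerOrg string, days int) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil { return nil, err }
	now := time.Now()
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "www.example.com", Organization: []string{issuerOrg}},
		NotBefore:    now,
		NotAfter:     now.Add(time.Duration(days) * 24 * time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil { return nil, err }
	return x509.ParseCertificate(der)
}
```

On a real inventory you would feed Assess the leaf certificate returned by x509.ParseCertificate for each PEM or TLS endpoint you operate; a flagged EntrustIssued with OverNinety is the case the notice is about.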
Subjunctive posted: This is a courtesy notice that if your company has Entrust-issued TLS certificates in load-bearing capacities, you would do well to figure out how you would move to either or both of a) another CA, or b) 90-day cert validity periods.

your certificate authority is a piece of poo poo

May 6, 2024 15:37
Look, some were issued incorrectly, but our clients told us it would be disruptive for us to revoke them, and the customer is always right, you see.

May 6, 2024 15:49
tadashi posted: I love how smug I feel when I don't get an interview for an infosec job I applied for and then the company has a huge information security issue.

May 6, 2024 15:56
BlankSystemDaemon posted: It means they were looking to hire someone to take the fall for existing issues.

I find that the issues are already a known issue internally and this is to backfill the current fall guys.

May 6, 2024 16:11
Sickening posted: I find that the issues are already a known issue internally and this is to backfill the current fall guys.

How much is the going rate for professional fall guy?

May 6, 2024 16:12
BlankSystemDaemon posted: It means they were looking to hire someone to take the fall for existing issues.

May 6, 2024 17:47
Subjunctive posted: This is a courtesy notice that if your company has Entrust-issued TLS certificates in load-bearing capacities, you would do well to figure out how you would move to either or both of a) another CA, or b) 90-day cert validity periods.

Anyone got a summary I can put in front of my CISO boss's eyes

May 6, 2024 18:07
https://substack.com/@aaomidi

May 6, 2024 18:09
Rust Martialis posted: Anyone got a summary I can put in front of my CISO boss's eyes

May 6, 2024 18:10
I finally registered to take the CISSP. I've used the official study guide, some classes, Destination CISSP, CISSP flash cards, podcasts. Basically everything I can think of other than actual brain dumps/test banks. Any last advice from anyone?

May 6, 2024 18:17
Rust Martialis posted: Anyone got a summary I can put in front of my CISO boss's eyes

Expecting one from the head of Mozilla's root program in the next day or two, maybe today. Amir's above is pretty good though incomplete.

May 6, 2024 18:24
Another successful goon project

May 6, 2024 18:27
Serious Hardware/Software Crap › The Infosec Thread: Yes, time to move off Entrust

May 6, 2024 18:45
En"Trust"

May 6, 2024 18:57
Zero trust refers to vendors

May 6, 2024 19:09
unknown posted: Serious Hardware/Software Crap › The Infosec Thread: Yes, time to move off Entrust

lol, this is great. Reported it to remind myself next time I'm at a computer.

May 6, 2024 19:59
Rust Martialis posted: Anyone got a summary I can put in front of my CISO boss's eyes

https://wiki.mozilla.org/CA/Entrust_Issues just dropped

waiting for Bruce Morton to release a diss track response

May 6, 2024 22:09
Subjunctive posted: https://wiki.mozilla.org/CA/Entrust_Issues just dropped

Step aside Kendrick, Bruce has beef

May 6, 2024 22:14
Oct posted: I haven't vetted these myself but the folks behind the DFIR Report have started offering a few hands-on labs which might be good:

I'll take a look at these, thanks!

May 7, 2024 00:06
the email has landed: https://groups.google.com/u/1/a/mozilla.org/g/dev-security-policy/c/LhTIUMFGHNw

May 7, 2024 16:01
hell yes

May 7, 2024 16:28
eat poo poo entrust you fucks

May 7, 2024 19:13
CLAM DOWN posted: eat poo poo entrust you fucks

So I'm not a certificate guy. A skim says Entrust is sloppy and non-conformant to standards, and doesn't clean up promptly and properly. What's the killer aspect I'm not grasping in this?

May 7, 2024 19:59
Rust Martialis posted: So I'm not a certificate guy. A skim says Entrust is sloppy and non-conformant to standards, and doesn't clean up promptly and properly. What's the killer aspect I'm not grasping in this?

"We hosed up."
"Are you going to fix it?"
"No, it wasn't a big deal and we'd make our customers mad."
"But you absolutely need to, it's part of the thing you agreed to do when you were trusted by us."
"Yeah but we're not gonna."

The willful noncompliance for what appears to be strictly customer-facing business reputation reasons is apparently the hill they've chosen to die on, and it looks like the root program is accepting that challenge and asking if they're really sure about that.

May 7, 2024 20:08
Rust Martialis posted: So I'm not a certificate guy. A skim says Entrust is sloppy and non-conformant to standards, and doesn't clean up promptly and properly. What's the killer aspect I'm not grasping in this?

They have a month to come up with a plan to shape up or face consequences. A full-on distrust doesn't seem likely at this point, but as posters more in the know have already suggested, limiting them to 90 or even 30 days until they have demonstrated that they have significantly improved their attitude seems possible.

May 7, 2024 20:15
A CA not worried about their reputation is a bit ironic.

May 7, 2024 20:15
Glad we have two Entrust threads now

May 7, 2024 22:16
dragon64 posted: Glad we have two Entrust threads now

We can't entrust it to just one

May 7, 2024 22:31
It's fine, entrust me bro

May 7, 2024 22:34
Who entrusts the entrusters? (It's browser vendors)

May 7, 2024 22:35
dragon64 posted: Glad we have two Entrust threads now

is that you, Bruce?

May 7, 2024 22:54
Subjunctive posted: is that you, Bruce?

Prove it isn't

May 8, 2024 03:06
Yubico is refreshing their YubiKey 5 and Security Key firmware: https://www.yubico.com/press-releas...ation-at-scale/

Main items are:
- PIN complexity assessment
- expanded storage for TOTP and resident FIDO2 identities

No way to upgrade existing keys, so you will have to junk your current one if you need those features. Too little too late on the expanded storage IMHO; most people that used them I know of (me included) eventually moved to other platforms for TOTP and passkeys when they clashed against the limits.

SlowBloke fucked around with this message at 11:38 on May 8, 2024

May 8, 2024 11:34
Why such small storage? I've never understood that given how cheap gigabytes of memory have become.

May 8, 2024 15:51
Zorak of Michigan posted: Why such small storage? I've never understood that given how cheap gigabytes of memory have become.

The super secure storage is entirely different than "flash drive memory"

May 8, 2024 16:11
Raymond T. Racing posted: The super secure storage is entirely different than "flash drive memory"

The change is being sold as a firmware upgrade, so I would guess they had shorter indexes/pointers for the TOTP and FIDO items to save on complexity in code/memory usage. If hardware changed, they would have said so to make the case for new purchases, rather than a simple firmware replacement in their fabs.

May 8, 2024 16:40
Possible Zscaler data breach. https://x.com/DarkWebInformer/status/1788186389755969990

May 8, 2024 17:45
Welp. My day is getting longer.

May 8, 2024 17:46