est.social

1 postitusega1 osalejaga0 postitust täna

Erik van StratenLet's EncryptIn <a href="https://infosec.exchange/@aral@mastodon.ar.al/114224524044750719" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://infosec.exchange/@aral@mastodon.ar.al/114224524044750719</a> <a href="https://mastodon.ar.al/@aral" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@aral</a> wants us to pay taxes to keep Let's Encrypt "alive". Here's another reason NOT to do that.Apparently the *.eu.org domain needed laundrying because it's reputation became too bad. So scammers create zillions of insane domain names and obtain *FREE* (for them) certificates for those sites. Usually such sites are not malicious; they're intended to have virusscanners remove detection, eventually for the sub-TLD ".eu.org".To see this, you may consider opening <a href="https://crt.sh?q=eu.org" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://crt.sh?q=eu.org</a> but that will fail because there are WAY too many results.To restrict the amount of records, try a subdomain name and further restrict output by deduplicating and restricting to not expired, as follows: <a href="https://crt.sh/?Identity=madaline.eu.org&exclude=expired&deduplicate=Y" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://crt.sh/?Identity=madaline.eu.org&exclude=expired&deduplicate=Y</a>The screenshot below gives an idea (they're all Let's Encrypt certs by the way, and I marked one with an insane domain name).I wrote about this phenomenon before, e.g. in <a href="https://www.security.nl/posting/781057/Let%27s+Encrypt+git_git_git___" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.security.nl/posting/781057/Let%27s+Encrypt+git_git_git___</a> (at the time I did not understand why yet).VirusTotal knows of 72.5K direct subdomains of *.eu.org: "Subdomains (72.5 K)"(open the RELATIONS tab in <a href="https://www.virustotal.com/gui/domain/eu.org/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.virustotal.com/gui/domain/eu.org/</a>).<a href="https://mstdn.social/@TheDutchChief" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@TheDutchChief</a> <a href="https://ec.social-network.europa.eu/@EUCommission" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@EUCommission</a> <a href="https://infosec.exchange/@letsencrypt" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@letsencrypt</a> <a href="https://social.nlnet.nl/@nlnet" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@nlnet</a> <a href="https://infosec.exchange/tags/DV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DV</a> <a href="https://infosec.exchange/tags/DVcerts" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DVcerts</a> <a href="https://infosec.exchange/tags/LetsEncrypt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#LetsEncrypt</a>

Erik van Straten<a href="https://infosec.exchange/@troyhunt" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@troyhunt</a> : if we open a website that we've never visited before, we need browsers to show us all available details about that website, and warn us if such details are not available.We also need better (readable) certificates identifying the responsible / accountable party for a website.We have been lied to that anonymous DV certificates are a good idea *also* for websites we need to trust. It's a hoax.Important: certificates never directly warrant the trustworthyness of a website. They're about authenticity, which includes knowing who the owner is and in which country they are located. This helps ensuring that you can sue them (or not, if in e.g. Russia) which *indirectly* makes better identifiable websites more reliable.More info in <a href="https://infosec.exchange/@ErikvanStraten/113079966331873386" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://infosec.exchange/@ErikvanStraten/113079966331873386</a> (see also <a href="https://crt.sh/?Identity=mailchimp-sso.com" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://crt.sh/?Identity=mailchimp-sso.com</a>).Note: most people do not understand certificates, like <a href="https://mastodon.social/@BjornW" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@BjornW</a> in <a href="https://mastodon.social/@BjornW/114064065891034415" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://mastodon.social/@BjornW/114064065891034415</a>: ❝ <a href="https://infosec.exchange/@letsencrypt" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@letsencrypt</a> offers certificates to encrypt the traffic between a website & your browser. ❞ 2x wrong.A TLS v1.3 connection is encrypted before the website sends their certificate, which is used only for *authentication* of the website (using a digital signature over unguessable secret TLS connection parameters). A cert binds the domain name to a public key, and the website proves possession of the associated private key.However, for people a domain name simply does not suffice for reliable identification. People need more info in the certificate and it should be shown to them when it changes.Will you please help me get this topic seriously on the public agenda?Edited 09:15 UTC to add: tap "Alt" in the images for details.<a href="https://infosec.exchange/tags/DVcerts" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DVcerts</a> <a href="https://infosec.exchange/tags/Authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Authentication</a> <a href="https://infosec.exchange/tags/Impersonation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Impersonation</a> <a href="https://infosec.exchange/tags/Spoofing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Spoofing</a> <a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Phishing</a> <a href="https://infosec.exchange/tags/DV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DV</a> <a href="https://infosec.exchange/tags/GoogleIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#GoogleIsEvil</a> <a href="https://infosec.exchange/tags/BigTechIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BigTechIsEvil</a> <a href="https://infosec.exchange/tags/Certificates" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Certificates</a> <a href="https://infosec.exchange/tags/httpsVShttp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#httpsVShttp</a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AitM</a> <a href="https://infosec.exchange/tags/MitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MitM</a> <a href="https://infosec.exchange/tags/FakeWebsites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#FakeWebsites</a> <a href="https://infosec.exchange/tags/CloudflareIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CloudflareIsEvil</a>

Erik van Straten<a href="https://infosec.exchange/@0xF21D" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@0xF21D</a> : Cloudflare is evil anyway.Cloudflare reverse-proxies (or -proxied):- cloudflare.com.save-israel·org - ns.cloudflare.com.save-israel·org - albert.ns.cloudflare.com.save-israel·org - sydney.ns.cloudflare.com.save-israel·org -I don't know whether any of these domains were or are malicious, but such domain names are insane; expect evilness.See also: <a href="https://crt.sh/?Identity=save-israel.org" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://crt.sh/?Identity=save-israel.org</a>Tap "Alt" in the images for more info.<a href="https://infosec.exchange/@malanalysis" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@malanalysis</a> <a href="https://infosec.exchange/tags/CloudflareIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CloudflareIsEvil</a> <a href="https://infosec.exchange/tags/BigTechIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BigTechIsEvil</a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AitM</a> <a href="https://infosec.exchange/tags/MitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MitM</a> <a href="https://infosec.exchange/tags/DV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DV</a> <a href="https://infosec.exchange/tags/DVCerts" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DVCerts</a> <a href="https://infosec.exchange/tags/DVCertsSuck" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DVCertsSuck</a> <a href="https://infosec.exchange/tags/BrowsersSuck" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BrowsersSuck</a>

Viimatised otsingud

Otsimisvalikud

Administraator:

Serveri statistika:

#dvcerts