Erik van Straten<p>'Undo' Israel's offensive cyber collapse?</p><p>On Monday April 7 (2025) Netanyahu will probably try to convince Trump to 'Make Israel's Offensive Cyber Industry Great Again', including the likes of NSO (*).</p><p>(*) From (extremely pro-Zionist) <a href="https://www.israelhayom.com/2025/04/04/how-the-us-led-to-israels-offensive-cyber-collapse/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">israelhayom.com/2025/04/04/how</span><span class="invisible">-the-us-led-to-israels-offensive-cyber-collapse/</span></a>:<br>❝ [...]<br>The 2018 murder of Saudi journalist Jamal Khashoggi, a case that implicated NSO, marked a turning point in American policy toward offensive cyber generally and Israeli companies specifically.<br>[...]<br>Everything changed in November 2021, however, when the US Department of Commerce announced that two leading Israeli cyber companies – NSO and Candiru – had been added to the "Entity List" of organizations whose activities conflict with American national security interests.<br>[...] ❞</p><p>I expect Trump to be all ears, and to handle accordingly. Be careful out there.</p><p><a href="https://infosec.exchange/tags/FreePress" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FreePress</span></a> <a href="https://infosec.exchange/tags/JamalKhashoggi" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>JamalKhashoggi</span></a> <a href="https://infosec.exchange/tags/YouMayBeNext" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>YouMayBeNext</span></a> <a href="https://infosec.exchange/tags/FreedomOfSpeech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FreedomOfSpeech</span></a> <a href="https://infosec.exchange/tags/Khashoggi" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Khashoggi</span></a> <a href="https://infosec.exchange/tags/JusticeForJamalKhashoggi" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>JusticeForJamalKhashoggi</span></a> <a href="https://infosec.exchange/tags/CyberWar" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberWar</span></a> <a href="https://infosec.exchange/tags/CyberTerror" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberTerror</span></a> <a href="https://infosec.exchange/tags/NSO" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NSO</span></a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AitM</span></a> <a href="https://infosec.exchange/tags/MitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MitM</span></a> <a href="https://infosec.exchange/tags/CyberTerrorism" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberTerrorism</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://infosec.exchange/tags/FrancescaAlbaneseIsRight" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FrancescaAlbaneseIsRight</span></a></p>
Frühere Suchanfragen
Keine früheren Suchanfragen
Suchoptionen
Nur verfügbar, wenn angemeldet.
sueden.social ist einer von vielen unabhängigen Mastodon-Servern, mit dem du dich im Fediverse beteiligen kannst.
Eine Community für alle, die sich dem Süden hingezogen fühlen. Wir können alles außer Hochdeutsch.
Verwaltet von:
Serverstatistik:
2,2 Tsd.aktive Profile
sueden.social: Über · Status · Profilverzeichnis · Datenschutzerklärung
Mastodon: Über · App herunterladen · Tastenkombinationen · Quellcode anzeigen · v4.3.7
#mitm
2 Beiträge · 2 Beteiligte · 0 Beiträge heute
Erik van Straten<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@fl" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>fl</span></a></span> : Thanks for your response!</p><p>Extremely worrysome is that Cloudflare is very USA (FISA Section 702) and MitM's all https connections: <a href="https://blog.cloudflare.com/password-reuse-rampant-half-user-logins-compromised/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">blog.cloudflare.com/password-r</span><span class="invisible">euse-rampant-half-user-logins-compromised/</span></a></p><p><a href="https://infosec.exchange/tags/CloudflareIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CloudflareIsEvil</span></a> <a href="https://infosec.exchange/tags/MitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MitM</span></a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AitM</span></a> <a href="https://infosec.exchange/tags/FISAsection702" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FISAsection702</span></a> <a href="https://infosec.exchange/tags/NSA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NSA</span></a> <a href="https://infosec.exchange/tags/Trump" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Trump</span></a></p>
Emory<p>surely one of you <a href="https://soc.kvet.ch/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> peers has a guide or article on why <a href="https://soc.kvet.ch/tags/VPN" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VPN</span></a> services aren't the privacy silver bullet they often advertise themselves to be. something that mentions you're paying co-conspirators to <a href="https://soc.kvet.ch/tags/mitm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>mitm</span></a> your own traffic in addition to lowering the reputation to that of your new address space? </p><p><a href="https://soc.kvet.ch/tags/opsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>opsec</span></a> <a href="https://soc.kvet.ch/tags/bestPractices" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bestPractices</span></a></p>
Erik van Straten<p>"Franse overheid voert phishingtest uit op 2,5 miljoen leerlingen"<br><a href="https://www.security.nl/posting/881630/Franse+overheid+voert+phishingtest+uit+op+2%2C5+miljoen+leerlingen" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">security.nl/posting/881630/Fra</span><span class="invisible">nse+overheid+voert+phishingtest+uit+op+2%2C5+miljoen+leerlingen</span></a></p><p>KRANKZINNIG!</p><p>Het is meestal onmogelijk om nepberichten (e-mail, SMS, ChatApp, social media en papieren post - zie plaatje) betrouwbaar van echte te kunnen onderscheiden.</p><p>Tegen phishing en vooral nepwebsites is echter prima iets te doen, zoals ik vandaag nogmaals beschreef in <a href="https://security.nl/posting/881655" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">security.nl/posting/881655</span><span class="invisible"></span></a>.</p><p>(Big Tech en luie websitebeheerders willen dat niet, dus is en blijft het een enorm gevecht).</p><p><a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Phishing</span></a> <a href="https://infosec.exchange/tags/NepWebsites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NepWebsites</span></a> <a href="https://infosec.exchange/tags/DV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DV</span></a> <a href="https://infosec.exchange/tags/DVcerts" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DVcerts</span></a> <a href="https://infosec.exchange/tags/LetsEncrypt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LetsEncrypt</span></a> <a href="https://infosec.exchange/tags/Certificates" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Certificates</span></a> <a href="https://infosec.exchange/tags/Certificaten" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Certificaten</span></a> <a href="https://infosec.exchange/tags/Spoofing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Spoofing</span></a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AitM</span></a> <a href="https://infosec.exchange/tags/MitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MitM</span></a> <a href="https://infosec.exchange/tags/Evilginx2" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Evilginx2</span></a> <a href="https://infosec.exchange/tags/Zwakke2FA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Zwakke2FA</span></a> <a href="https://infosec.exchange/tags/ZwakkeMFA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ZwakkeMFA</span></a> <a href="https://infosec.exchange/tags/Weak2FA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Weak2FA</span></a> <a href="https://infosec.exchange/tags/WeakMFA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WeakMFA</span></a> <a href="https://infosec.exchange/tags/Authenticatie" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authenticatie</span></a> <a href="https://infosec.exchange/tags/Impersonatie" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Impersonatie</span></a> <a href="https://infosec.exchange/tags/Authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authentication</span></a> <a href="https://infosec.exchange/tags/Impersonation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Impersonation</span></a> <a href="https://infosec.exchange/tags/DomainNames" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DomainNames</span></a> <a href="https://infosec.exchange/tags/Authenticity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authenticity</span></a> <a href="https://infosec.exchange/tags/Aurhenticiteit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Aurhenticiteit</span></a> <a href="https://infosec.exchange/tags/Owner" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Owner</span></a> <a href="https://infosec.exchange/tags/Eigenaar" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Eigenaar</span></a> <a href="https://infosec.exchange/tags/Verantwoordelijke" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Verantwoordelijke</span></a> <a href="https://infosec.exchange/tags/Responsible" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Responsible</span></a> <a href="https://infosec.exchange/tags/Accountable" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Accountable</span></a> <a href="https://infosec.exchange/tags/DigiD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DigiD</span></a> <a href="https://infosec.exchange/tags/SMS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SMS</span></a> <a href="https://infosec.exchange/tags/Email" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Email</span></a> <a href="https://infosec.exchange/tags/ChatApps" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ChatApps</span></a> <a href="https://infosec.exchange/tags/Verzender" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Verzender</span></a> <a href="https://infosec.exchange/tags/Sender" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Sender</span></a> <a href="https://infosec.exchange/tags/BigTechIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BigTechIsEvil</span></a> <a href="https://infosec.exchange/tags/GoogleIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GoogleIsEvil</span></a> <a href="https://infosec.exchange/tags/CloudflareIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CloudflareIsEvil</span></a></p>
Erik van Straten<p><span class="h-card" translate="no"><a href="https://freeradical.zone/@mensrea" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>mensrea</span></a></span> : if you visit a shop (or a bank) in the center of the city, chances are near zero that it's run by impostors.</p><p>However, if you go to some vague second hand market, chances are the you will be deceived.</p><p>Possibly worse, if there's an ATM on the outside wall of a shack where Hells Angels meet, would you insert your bank card and enter your PIN?</p><p>On the web, most people do not know WHERE they are.</p><p>Big Tech is DELIBERATELY withholding essential information from people, required to determine the amount of trust that a website deserves.</p><p>DELIBERATELY, because big tech can rent much more (cheap) hosting and (meaningless) domain names to whomever if website vistors cannot distinguish between authentic and fake websites.</p><p>You are right that some people will never understand why they need to know who owns a website.</p><p>However, most people (including <span class="h-card" translate="no"><a href="https://infosec.exchange/@troyhunt" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>troyhunt</span></a></span> ) would enormously benefit.</p><p>Like all the other deaf and blind trolls, you trash a proposal because it may be useless for SOME, you provide zero solutions and you keep bashing me.</p><p>What part of "get lost" do you not understand?</p><p><span class="h-card" translate="no"><a href="https://mastodon.ar.al/@aral" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>aral</span></a></span> <span class="h-card" translate="no"><a href="https://ec.social-network.europa.eu/@EUCommission" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>EUCommission</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@letsencrypt" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>letsencrypt</span></a></span> <span class="h-card" translate="no"><a href="https://social.nlnet.nl/@nlnet" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>nlnet</span></a></span> </p><p><a href="https://infosec.exchange/tags/Authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authentication</span></a> <a href="https://infosec.exchange/tags/Impersonation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Impersonation</span></a> <a href="https://infosec.exchange/tags/Spoofing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Spoofing</span></a> <a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Phishing</span></a> <a href="https://infosec.exchange/tags/DV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DV</span></a> <a href="https://infosec.exchange/tags/GoogleIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GoogleIsEvil</span></a> <a href="https://infosec.exchange/tags/BigTechIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BigTechIsEvil</span></a> <a href="https://infosec.exchange/tags/Certificates" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Certificates</span></a> <a href="https://infosec.exchange/tags/httpsVShttp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>httpsVShttp</span></a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AitM</span></a> <a href="https://infosec.exchange/tags/MitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MitM</span></a> <a href="https://infosec.exchange/tags/FakeWebsites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FakeWebsites</span></a> <a href="https://infosec.exchange/tags/CloudflareIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CloudflareIsEvil</span></a> <a href="https://infosec.exchange/tags/bond" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bond</span></a> <a href="https://infosec.exchange/tags/dotBond" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dotBond</span></a> <a href="https://infosec.exchange/tags/Spam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Spam</span></a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Infosec</span></a> <a href="https://infosec.exchange/tags/Ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Ransomware</span></a> <a href="https://infosec.exchange/tags/Banks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Banks</span></a></p>
Erik van Straten<p><span class="h-card" translate="no"><a href="https://freeradical.zone/@mensrea" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>mensrea</span></a></span> : it is not the UI/UX that is the problem. It is missing reliable info in the certs.</p><p>Image from <a href="https://infosec.exchange/@ErikvanStraten/114224682101772569" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@ErikvanStrat</span><span class="invisible">en/114224682101772569</span></a></p><p><span class="h-card" translate="no"><a href="https://mastodon.ar.al/@aral" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>aral</span></a></span> <span class="h-card" translate="no"><a href="https://ec.social-network.europa.eu/@EUCommission" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>EUCommission</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@letsencrypt" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>letsencrypt</span></a></span> <span class="h-card" translate="no"><a href="https://social.nlnet.nl/@nlnet" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>nlnet</span></a></span> </p><p><a href="https://infosec.exchange/tags/Authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authentication</span></a> <a href="https://infosec.exchange/tags/Impersonation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Impersonation</span></a> <a href="https://infosec.exchange/tags/Spoofing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Spoofing</span></a> <a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Phishing</span></a> <a href="https://infosec.exchange/tags/DV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DV</span></a> <a href="https://infosec.exchange/tags/GoogleIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GoogleIsEvil</span></a> <a href="https://infosec.exchange/tags/BigTechIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BigTechIsEvil</span></a> <a href="https://infosec.exchange/tags/Certificates" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Certificates</span></a> <a href="https://infosec.exchange/tags/httpsVShttp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>httpsVShttp</span></a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AitM</span></a> <a href="https://infosec.exchange/tags/MitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MitM</span></a> <a href="https://infosec.exchange/tags/FakeWebsites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FakeWebsites</span></a> <a href="https://infosec.exchange/tags/CloudflareIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CloudflareIsEvil</span></a> <a href="https://infosec.exchange/tags/bond" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bond</span></a> <a href="https://infosec.exchange/tags/dotBond" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dotBond</span></a> <a href="https://infosec.exchange/tags/Spam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Spam</span></a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Infosec</span></a> <a href="https://infosec.exchange/tags/Ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Ransomware</span></a> <a href="https://infosec.exchange/tags/Banks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Banks</span></a> <a href="https://infosec.exchange/tags/CloudflareIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CloudflareIsEvil</span></a> <a href="https://infosec.exchange/tags/FakeWebsites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FakeWebsites</span></a></p>
Erik van Straten<p><span class="h-card" translate="no"><a href="https://mastodon.ar.al/@aral" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>aral</span></a></span> :</p><p>I don't want to pay a cent. Neither donate, nor via taxes.</p><p><a href="https://infosec.exchange/@ErikvanStraten/114227977082449887" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@ErikvanStrat</span><span class="invisible">en/114227977082449887</span></a></p><p><span class="h-card" translate="no"><a href="https://mstdn.social/@TheDutchChief" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>TheDutchChief</span></a></span> <span class="h-card" translate="no"><a href="https://ec.social-network.europa.eu/@EUCommission" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>EUCommission</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@letsencrypt" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>letsencrypt</span></a></span> <span class="h-card" translate="no"><a href="https://social.nlnet.nl/@nlnet" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>nlnet</span></a></span> </p><p><a href="https://infosec.exchange/tags/Authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authentication</span></a> <a href="https://infosec.exchange/tags/Impersonation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Impersonation</span></a> <a href="https://infosec.exchange/tags/Spoofing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Spoofing</span></a> <a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Phishing</span></a> <a href="https://infosec.exchange/tags/DV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DV</span></a> <a href="https://infosec.exchange/tags/GoogleIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GoogleIsEvil</span></a> <a href="https://infosec.exchange/tags/BigTechIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BigTechIsEvil</span></a> <a href="https://infosec.exchange/tags/Certificates" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Certificates</span></a> <a href="https://infosec.exchange/tags/httpsVShttp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>httpsVShttp</span></a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AitM</span></a> <a href="https://infosec.exchange/tags/MitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MitM</span></a> <a href="https://infosec.exchange/tags/FakeWebsites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FakeWebsites</span></a> <a href="https://infosec.exchange/tags/CloudflareIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CloudflareIsEvil</span></a> <a href="https://infosec.exchange/tags/bond" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bond</span></a> <a href="https://infosec.exchange/tags/dotBond" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dotBond</span></a> <a href="https://infosec.exchange/tags/Spam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Spam</span></a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Infosec</span></a> <a href="https://infosec.exchange/tags/Ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Ransomware</span></a> <a href="https://infosec.exchange/tags/Banks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Banks</span></a> <a href="https://infosec.exchange/tags/CloudflareIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CloudflareIsEvil</span></a> <a href="https://infosec.exchange/tags/FakeWebsites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FakeWebsites</span></a></p>
Erik van Straten<p><span class="h-card" translate="no"><a href="https://mastodon.ar.al/@aral" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>aral</span></a></span> : most Let's Encrypt (and other Domain Validated) certificates are issued to junk- or plain criminal websites.</p><p>They're the ultimate manifestation of evil big tech.</p><p>They were introduced to encrypt the "last mile" because Internet Service Providers were replacing ads in webpages and, in the other direction, inserting fake clicks.</p><p>DV has destroyed the internet. People loose their ebank savings and companies get ransomwared; phishing is dead simple. EDIW/EUDIW will become an identity fraud disaster (because of AitM phishing atracks).</p><p>Even the name "Let's Encrypt" is wrong for a CSP: nobody needs a certificate to encrypt a connection. The primary purpose of a certificate is AUTHENTICATION (of the owner of the private key, in this case the website).</p><p>However, for human beings, just a domain name simply does not provide reliable identification information. It renders impersonation a peace of cake.</p><p>Decent online authentication is HARD. Get used to it instead of denying it.</p><p>REASONS/EXAMPLES</p><p>🔹 Troy Hunt fell in the DV trap: <a href="https://infosec.exchange/@ErikvanStraten/114222237036021070" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@ErikvanStrat</span><span class="invisible">en/114222237036021070</span></a></p><p>🔹 Google (and Troy Hunt!) killed non-DV certs (for profit) because of the stripe.com PoC. Now Chrome does not give you any more info than what Google argumented: <a href="https://infosec.exchange/@ErikvanStraten/114224682101772569" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@ErikvanStrat</span><span class="invisible">en/114224682101772569</span></a></p><p>🔹 https:⧸⧸cancel-google.com/captcha was live yesterday: <a href="https://infosec.exchange/@ErikvanStraten/114224264440704546" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@ErikvanStrat</span><span class="invisible">en/114224264440704546</span></a></p><p>🔹 Stop phishing proposal: <a href="https://infosec.exchange/@ErikvanStraten/113079966331873386" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@ErikvanStrat</span><span class="invisible">en/113079966331873386</span></a></p><p>🔹 Lots of reasons why LE sucks:<br><a href="https://infosec.exchange/@ErikvanStraten/112914047006977222" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@ErikvanStrat</span><span class="invisible">en/112914047006977222</span></a> (corrected link 09:20 UTC)</p><p>🔹 This website stopped registering junk .bond domain names, probably because there were too many every day (the last page I found): <a href="https://newly-registered-domains.abtdomain.com/2024-08-15-bond-newly-registered-domains-part-1/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">newly-registered-domains.abtdo</span><span class="invisible">main.com/2024-08-15-bond-newly-registered-domains-part-1/</span></a>. However, this gang is still active, open the RELATIONS tab in <a href="https://www.virustotal.com/gui/ip-address/13.248.197.209/relations" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">virustotal.com/gui/ip-address/</span><span class="invisible">13.248.197.209/relations</span></a>. You have to multiply the number of LE certs by approx. 5 because they also register subdomains and don't use wildcard certs. Source: <a href="https://www.bleepingcomputer.com/news/security/revolver-rabbit-gang-registers-500-000-domains-for-malware-campaigns/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/revolver-rabbit-gang-registers-500-000-domains-for-malware-campaigns/</span></a></p><p><span class="h-card" translate="no"><a href="https://ec.social-network.europa.eu/@EUCommission" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>EUCommission</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@letsencrypt" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>letsencrypt</span></a></span> <span class="h-card" translate="no"><a href="https://social.nlnet.nl/@nlnet" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>nlnet</span></a></span> </p><p><a href="https://infosec.exchange/tags/Authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authentication</span></a> <a href="https://infosec.exchange/tags/Impersonation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Impersonation</span></a> <a href="https://infosec.exchange/tags/Spoofing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Spoofing</span></a> <a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Phishing</span></a> <a href="https://infosec.exchange/tags/DV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DV</span></a> <a href="https://infosec.exchange/tags/GoogleIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GoogleIsEvil</span></a> <a href="https://infosec.exchange/tags/BigTechIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BigTechIsEvil</span></a> <a href="https://infosec.exchange/tags/Certificates" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Certificates</span></a> <a href="https://infosec.exchange/tags/httpsVShttp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>httpsVShttp</span></a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AitM</span></a> <a href="https://infosec.exchange/tags/MitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MitM</span></a> <a href="https://infosec.exchange/tags/FakeWebsites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FakeWebsites</span></a> <a href="https://infosec.exchange/tags/CloudflareIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CloudflareIsEvil</span></a> <a href="https://infosec.exchange/tags/bond" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bond</span></a> <a href="https://infosec.exchange/tags/dotBond" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dotBond</span></a> <a href="https://infosec.exchange/tags/Spam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Spam</span></a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Infosec</span></a> <a href="https://infosec.exchange/tags/Ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Ransomware</span></a> <a href="https://infosec.exchange/tags/Banks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Banks</span></a> <a href="https://infosec.exchange/tags/CloudflareIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CloudflareIsEvil</span></a> <a href="https://infosec.exchange/tags/FakeWebsites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FakeWebsites</span></a></p>
Erik van Straten<p><span class="h-card" translate="no"><a href="https://mastodon.social/@BjornW" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>BjornW</span></a></span> :</p><p>I've stopped doing that after a lot of people called me an idiot and a liar if I kindly notified them. I stopped, I'll get scolded anyway.</p><p>Big tech and most admins want everyone to believe that "Let's Encrypt" is the only goal. Nearly 100% of tech people believe that.</p><p>And admins WANT to believe that, because reliable authentication of website owners is a PITA. They just love ACME and tell their website visitors to GFY.</p><p>People like you tooting nonsense get a lot of boosts. It's called fake news or big tech propaganda. If you know better, why don't you WRITE BETTER?</p><p>It has ruined the internet. Not for phun but purely for profit. And it is what ruins people's lives and lets employees open the vdoor for ransomware and data-theft.</p><p>See also <a href="https://infosec.exchange/@ErikvanStraten/112914047006977222" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@ErikvanStrat</span><span class="invisible">en/112914047006977222</span></a> (and, in Dutch, <a href="https://security.nl/posting/881296" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">security.nl/posting/881296</span><span class="invisible"></span></a>).</p><p><span class="h-card" translate="no"><a href="https://infosec.exchange/@troyhunt" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>troyhunt</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@letsencrypt" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>letsencrypt</span></a></span> </p><p><a href="https://infosec.exchange/tags/DV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DV</span></a> <a href="https://infosec.exchange/tags/Impersonation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Impersonation</span></a> <a href="https://infosec.exchange/tags/AnonymousCertificates" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AnonymousCertificates</span></a> <a href="https://infosec.exchange/tags/Authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authentication</span></a> <a href="https://infosec.exchange/tags/LetsAuthenticate" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LetsAuthenticate</span></a> <a href="https://infosec.exchange/tags/BigTechIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BigTechIsEvil</span></a> <a href="https://infosec.exchange/tags/GoogleIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GoogleIsEvil</span></a> <a href="https://infosec.exchange/tags/CloudflareIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CloudflareIsEvil</span></a> <a href="https://infosec.exchange/tags/LetsEncrypt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LetsEncrypt</span></a> <a href="https://infosec.exchange/tags/Identity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Identity</span></a> <a href="https://infosec.exchange/tags/Authenticity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authenticity</span></a> <a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Phishing</span></a> <a href="https://infosec.exchange/tags/Spoofing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Spoofing</span></a> <a href="https://infosec.exchange/tags/CyberCrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberCrime</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AitM</span></a> <a href="https://infosec.exchange/tags/MitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MitM</span></a> <a href="https://infosec.exchange/tags/Weak2FA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Weak2FA</span></a> <a href="https://infosec.exchange/tags/WeakMFA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WeakMFA</span></a> <a href="https://infosec.exchange/tags/DVcerts" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DVcerts</span></a> <a href="https://infosec.exchange/tags/Certificates" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Certificates</span></a> <a href="https://infosec.exchange/tags/ACME" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ACME</span></a> <a href="https://infosec.exchange/tags/USdependencies" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>USdependencies</span></a> <a href="https://infosec.exchange/tags/USdependency" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>USdependency</span></a> <a href="https://infosec.exchange/tags/USdependent" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>USdependent</span></a> <a href="https://infosec.exchange/tags/USAdependencies" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>USAdependencies</span></a> <a href="https://infosec.exchange/tags/USAdependency" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>USAdependency</span></a> <a href="https://infosec.exchange/tags/USAdependent" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>USAdependent</span></a></p>
Erik van Straten<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@troyhunt" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>troyhunt</span></a></span> : if we open a website that we've never visited before, we need browsers to show us all available details about that website, and warn us if such details are not available.</p><p>We also need better (readable) certificates identifying the responsible / accountable party for a website.</p><p>We have been lied to that anonymous DV certificates are a good idea *also* for websites we need to trust. It's a hoax.</p><p>Important: certificates never directly warrant the trustworthyness of a website. They're about authenticity, which includes knowing who the owner is and in which country they are located. This helps ensuring that you can sue them (or not, if in e.g. Russia) which *indirectly* makes better identifiable websites more reliable.</p><p>More info in <a href="https://infosec.exchange/@ErikvanStraten/113079966331873386" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@ErikvanStrat</span><span class="invisible">en/113079966331873386</span></a> (see also <a href="https://crt.sh/?Identity=mailchimp-sso.com" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">crt.sh/?Identity=mailchimp-sso</span><span class="invisible">.com</span></a>).</p><p>Note: most people do not understand certificates, like <span class="h-card" translate="no"><a href="https://mastodon.social/@BjornW" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>BjornW</span></a></span> in <a href="https://mastodon.social/@BjornW/114064065891034415" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">mastodon.social/@BjornW/114064</span><span class="invisible">065891034415</span></a>:<br>❝<br><span class="h-card" translate="no"><a href="https://infosec.exchange/@letsencrypt" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>letsencrypt</span></a></span> offers certificates to encrypt the traffic between a website & your browser.<br>❞<br>2x wrong.</p><p>A TLS v1.3 connection is encrypted before the website sends their certificate, which is used only for *authentication* of the website (using a digital signature over unguessable secret TLS connection parameters). A cert binds the domain name to a public key, and the website proves possession of the associated private key.</p><p>However, for people a domain name simply does not suffice for reliable identification. People need more info in the certificate and it should be shown to them when it changes.</p><p>Will you please help me get this topic seriously on the public agenda?</p><p>Edited 09:15 UTC to add: tap "Alt" in the images for details.</p><p><a href="https://infosec.exchange/tags/DVcerts" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DVcerts</span></a> <a href="https://infosec.exchange/tags/Authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authentication</span></a> <a href="https://infosec.exchange/tags/Impersonation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Impersonation</span></a> <a href="https://infosec.exchange/tags/Spoofing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Spoofing</span></a> <a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Phishing</span></a> <a href="https://infosec.exchange/tags/DV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DV</span></a> <a href="https://infosec.exchange/tags/GoogleIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GoogleIsEvil</span></a> <a href="https://infosec.exchange/tags/BigTechIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BigTechIsEvil</span></a> <a href="https://infosec.exchange/tags/Certificates" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Certificates</span></a> <a href="https://infosec.exchange/tags/httpsVShttp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>httpsVShttp</span></a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AitM</span></a> <a href="https://infosec.exchange/tags/MitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MitM</span></a> <a href="https://infosec.exchange/tags/FakeWebsites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FakeWebsites</span></a> <a href="https://infosec.exchange/tags/CloudflareIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CloudflareIsEvil</span></a></p>
Erik van Straten<p><span class="h-card" translate="no"><a href="https://mk.absturztau.be/@Linux" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>Linux</span></a></span> : you're definitely not fearmongering.</p><p>Eugene Kaspersky warned many times for fragmentation of the internet, like in <a href="https://www.smh.com.au/technology/cyber-spying-risks-the-future-of-the-internet-eugene-kaspersky-20131107-hv2g1.html" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">smh.com.au/technology/cyber-sp</span><span class="invisible">ying-risks-the-future-of-the-internet-eugene-kaspersky-20131107-hv2g1.html</span></a> more than 11 years ago:<br>❝<br>Mr Kaspersky said he feared governments would withdraw to their own parallel networks away from the prying eyes of others, and would cease investing in the development of the public internet, products and services.<br>❞</p><p>(An IMO nice read on internet history: <a href="https://eugene.kaspersky.com/2017/02/07/internet-archaeology/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">eugene.kaspersky.com/2017/02/0</span><span class="invisible">7/internet-archaeology/</span></a>).</p><p>Personally I predicted many years ago that online identity fraud would cause too much damage soon.</p><p>Fortunately both predictions have not fully materialized, but we're definitely heading in the wrong direction.</p><p>Here's one example from many, severly undermining trust in the internet: <a href="https://www.bleepingcomputer.com/news/security/microsoft-trust-signing-service-abused-to-code-sign-malware/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/microsoft-trust-signing-service-abused-to-code-sign-malware/</span></a>.</p><p>It's not just TLD's: by far most digital certificates are issued by Big Tech with pompous names like "Google Trust Services" - most of them to criminal websites.</p><p>See also <a href="https://gist.githubusercontent.com/qbourgue/071c333ff5182f031da3ba55cc7da1ec/raw/ec4ba396c0d1052cc8b0a69c1bad1e0e5aef2ab6/malicious_domains_impersonating_reddit_wetransfer_selfau3_dropper_lumma_stealer_20012025.txt" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">gist.githubusercontent.com/qbo</span><span class="invisible">urgue/071c333ff5182f031da3ba55cc7da1ec/raw/ec4ba396c0d1052cc8b0a69c1bad1e0e5aef2ab6/malicious_domains_impersonating_reddit_wetransfer_selfau3_dropper_lumma_stealer_20012025.txt</span></a> (src: <span class="h-card" translate="no"><a href="https://infosec.exchange/@_r_netsec" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>_r_netsec</span></a></span> in <a href="https://infosec.exchange/@_r_netsec/114211978370291738" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@_r_netsec/11</span><span class="invisible">4211978370291738</span></a>).</p><p><a href="https://infosec.exchange/tags/Kaspersky" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Kaspersky</span></a> <a href="https://infosec.exchange/tags/Fragmentation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Fragmentation</span></a> <a href="https://infosec.exchange/tags/Impersonation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Impersonation</span></a> <a href="https://infosec.exchange/tags/Authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authentication</span></a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AitM</span></a> <a href="https://infosec.exchange/tags/MitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MitM</span></a> <a href="https://infosec.exchange/tags/BigTechIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BigTechIsEvil</span></a> <a href="https://infosec.exchange/tags/GoogleIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GoogleIsEvil</span></a> <a href="https://infosec.exchange/tags/DVcerts" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DVcerts</span></a></p>
Radio Azureus<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@ErikvanStraten" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>ErikvanStraten</span></a></span> </p><p>Dankjewel voor deze verhelderende uitleg. Ik heb er niet bij stilgestaan dat door Cloudflare grote blokken van het internet letterlijk kunnen worden uitgeschakeld, door simpelweg een script te draaien</p><p><a href="https://mastodon.social/tags/Risico" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Risico</span></a> <a href="https://mastodon.social/tags/Economie" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Economie</span></a> <a href="https://mastodon.social/tags/Cloudflare" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cloudflare</span></a> <a href="https://mastodon.social/tags/Fastly" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Fastly</span></a> <a href="https://mastodon.social/tags/CDN" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CDN</span></a> <a href="https://mastodon.social/tags/AitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AitM</span></a> <a href="https://mastodon.social/tags/MitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MitM</span></a> <a href="https://mastodon.social/tags/FISASection702" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FISASection702</span></a> <a href="https://mastodon.social/tags/FISA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FISA</span></a> <a href="https://mastodon.social/tags/ThreeLetterAgencies" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ThreeLetterAgencies</span></a> <a href="https://mastodon.social/tags/Trump" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Trump</span></a> <a href="https://mastodon.social/tags/Sbowden" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Sbowden</span></a> <a href="https://mastodon.social/tags/E2EE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>E2EE</span></a> <a href="https://mastodon.social/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://mastodon.social/tags/VVD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VVD</span></a> <a href="https://mastodon.social/tags/PVV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PVV</span></a> <a href="https://mastodon.social/tags/CIDI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CIDI</span></a> <a href="https://mastodon.social/tags/VT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VT</span></a> <a href="https://mastodon.social/tags/VirusTotal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VirusTotal</span></a> <a href="https://mastodon.social/tags/DVCerts" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DVCerts</span></a> <a href="https://mastodon.social/tags/DV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DV</span></a> <a href="https://mastodon.social/tags/OV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OV</span></a> <a href="https://mastodon.social/tags/EV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>EV</span></a> <a href="https://mastodon.social/tags/QWAC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>QWAC</span></a> <a href="https://mastodon.social/tags/CyberCrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberCrime</span></a> <a href="https://mastodon.social/tags/NepWebsites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NepWebsites</span></a> <a href="https://mastodon.social/tags/FakeWebsites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FakeWebsites</span></a></p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@cR0w" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>cR0w</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@troyhunt" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>troyhunt</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@dangoodin" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>dangoodin</span></a></span> <span class="h-card" translate="no"><a href="https://benjojo.co.uk/u/benjojo" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>benjojo</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.social/@Viss" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>Viss</span></a></span> <span class="h-card" translate="no"><a href="https://ioc.exchange/@matthew_d_green" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>matthew_d_green</span></a></span> </p><p>Seriously, <a href="https://infosec.space/tags/ClownFlare" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ClownFlare</span></a> are at best a <a href="https://infosec.space/tags/ValueRemoving" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ValueRemoving</span></a> <a href="https://infosec.space/tags/MITM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MITM</span></a> and more often than not a <a href="https://infosec.space/tags/RogueISP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RogueISP</span></a> who's business model is a <a href="https://infosec.space/tags/RacketeeringScheme" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RacketeeringScheme</span></a> that should not exist to begin with.</p><ul><li>There is no legitimate reason to use <a href="https://infosec.space/tags/Cloudflare" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cloudflare</span></a>!</li></ul>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@0xF21D" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>0xF21D</span></a></span> <a href="https://infosec.space/tags/ClownFlare" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ClownFlare</span></a> is a <a href="https://infosec.space/tags/RogueISP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RogueISP</span></a> and their <a href="https://infosec.space/tags/MITM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MITM</span></a>-based approach eould've always allowed that.</p><ul><li>Why is <em>ANYONE</em> here surprised of that?</li></ul><p><a href="https://infosec.space/@kkarhan/114184984516877186" rel="nofollow noopener noreferrer" target="_blank">Seriously!</a></p>
utzer [Pleroma]Große <a class="hashtag" href="https://soc.utzer.de/tag/mitm" rel="nofollow noopener noreferrer" target="_blank">#MITM</a> Attacke. <br><br><a href="https://infosec.exchange/@0xF21D/114178659343887260" rel="nofollow noopener noreferrer" target="_blank">https://infosec.exchange/@0xF21D/114178659343887260</a>
Erik van Straten<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@0xF21D" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>0xF21D</span></a></span> : Cloudflare is evil anyway.</p><p>Cloudflare reverse-proxies (or -proxied):</p><p>-<br>cloudflare.com.save-israel·org<br>-<br>ns.cloudflare.com.save-israel·org<br>-<br>albert.ns.cloudflare.com.save-israel·org<br>-<br>sydney.ns.cloudflare.com.save-israel·org<br>-</p><p>I don't know whether any of these domains were or are malicious, but such domain names are insane; expect evilness.</p><p>See also:<br><a href="https://crt.sh/?Identity=save-israel.org" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">crt.sh/?Identity=save-israel.o</span><span class="invisible">rg</span></a></p><p>Tap "Alt" in the images for more info.</p><p><span class="h-card" translate="no"><a href="https://infosec.exchange/@malanalysis" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>malanalysis</span></a></span> </p><p><a href="https://infosec.exchange/tags/CloudflareIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CloudflareIsEvil</span></a> <a href="https://infosec.exchange/tags/BigTechIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BigTechIsEvil</span></a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AitM</span></a> <a href="https://infosec.exchange/tags/MitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MitM</span></a> <a href="https://infosec.exchange/tags/DV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DV</span></a> <a href="https://infosec.exchange/tags/DVCerts" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DVCerts</span></a> <a href="https://infosec.exchange/tags/DVCertsSuck" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DVCertsSuck</span></a> <a href="https://infosec.exchange/tags/BrowsersSuck" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BrowsersSuck</span></a></p>
Erik van Straten<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@0xF21D" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>0xF21D</span></a></span> wrote: "[...] something we technically knew was going on before but didn't consciously consider a threat, until now."</p><p>I've been warning for CDN's like Cloudflare and Fastly (and cloud providers in general) for a long time.</p><p>Here's a recent toot (in Dutch, the "translate" button should do the job): <a href="https://infosec.exchange/@ErikvanStraten/114042082778156313" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@ErikvanStrat</span><span class="invisible">en/114042082778156313</span></a>.</p><p>If you trust Google to translate it (guaranteed NOT error-free, it *may* work in other browsers than Chrome): <a href="https://infosec-exchange.translate.goog/@ErikvanStraten/114042082778156313?_x_tr_sl=nl&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec-exchange.translate.goo</span><span class="invisible">g/@ErikvanStraten/114042082778156313?_x_tr_sl=nl&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp</span></a></p><p>P.S. Fastly knows your <a href="https://infosec.exchange" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">infosec.exchange</span><span class="invisible"></span></a> login credentials.</p><p><span class="h-card" translate="no"><a href="https://infosec.exchange/@malanalysis" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>malanalysis</span></a></span> </p><p><a href="https://infosec.exchange/tags/Cloudflare" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cloudflare</span></a> <a href="https://infosec.exchange/tags/MitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MitM</span></a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AitM</span></a> <a href="https://infosec.exchange/tags/Fastly" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Fastly</span></a> <a href="https://infosec.exchange/tags/CDN" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CDN</span></a> <a href="https://infosec.exchange/tags/TLSinterception" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TLSinterception</span></a></p>
Blue DeviL // SCT<p>Eavesdropping on Black-box Mobile Devices via Audio Amplifier’s EMR</p><p><a href="https://www.ndss-symposium.org/wp-content/uploads/2024-240-paper.pdf" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">ndss-symposium.org/wp-content/</span><span class="invisible">uploads/2024-240-paper.pdf</span></a></p><p><a href="https://infosec.exchange/tags/mitm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>mitm</span></a> <a href="https://infosec.exchange/tags/eavesdropping" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>eavesdropping</span></a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hacking</span></a></p>
adb<p><a href="https://arcanechat.me" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">arcanechat.me</span><span class="invisible"></span></a> server reached 1500 users!!!</p><p>the server is using around 1GB of RAM, CPU is almost unused, and only 1.4GB of storage used for encrypted user volatile data, that is around 1MB per user on average!</p><p>the cost of self-hosting a <a href="https://mastodon.social/tags/chatmail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>chatmail</span></a> server for <a href="https://mastodon.social/tags/ArcaneChat" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ArcaneChat</span></a> / <a href="https://mastodon.social/tags/DeltaChat" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DeltaChat</span></a> is really low! and you don't even need to trust the server operator or even the VPS provider if you are selfhosting since all is <a href="https://mastodon.social/tags/e2ee" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>e2ee</span></a> and safe against <a href="https://mastodon.social/tags/mitm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>mitm</span></a> thanks to the green checkmark in chats</p>
Ehay2k<p><span class="h-card" translate="no"><a href="https://mastodon.social/@sjvn" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>sjvn</span></a></span> </p><p>Uh, if that's Schrodinger's mouse, then clearly it's a Quantum MITM attack!!!</p><p>You need PQCs now!!! (Pest Quelling Cryptography)</p><p><a href="https://mastodon.social/tags/quantumcryptography" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>quantumcryptography</span></a> <a href="https://mastodon.social/tags/mitm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>mitm</span></a></p>
EntdeckenLive-Feeds
Mastodon ist der beste Zugang, um auf dem Laufenden zu bleiben.
Du kannst jedem im Fediverse folgen und alles in chronologischer Reihenfolge sehen. Keine Algorithmen, Werbung oder Clickbaits vorhanden.
Konto erstellenAnmeldenZum Hochladen hereinziehen