Mastodon Chapril

0 message0 participant0 message aujourd’hui

Chuck DarwinFor decades, the right has targeted the protections of the 1965 Voting Rights Act, most visibly via court decisions, as well as spurious voter roll <a href="https://c.im/tags/purges" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#purges</a> and <a href="https://c.im/tags/gerrymandering" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#gerrymandering</a> efforts, which warp territorial districting law to divide opponents and consolidate supporters.One of the most reliable methods of suppression, though, is to tighten <a href="https://c.im/tags/voter" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#voter</a> <a href="https://c.im/tags/identification" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#identification</a> rules. Requiring <a href="https://c.im/tags/citizenship" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#citizenship</a> <a href="https://c.im/tags/paperwork" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#paperwork</a>, which many (fully eligible) citizens do not possess, leads to the emergence of a racially inflected pattern of <a href="https://c.im/tags/vote" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#vote</a> <a href="https://c.im/tags/suppression" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#suppression</a>. If you make voting as inconvenient and costly as possible, by default, some percentage of those who are short on money and time — people of color, students, low-income workers and others who juggle lots of obligations with few resources — will decide that getting to the polls just isn’t worth it. Maximizing this effect is the primary motive driving the rampant right-wing infringements on democratic participation, Trump’s latest order included.To justify these measures, the executive order 👉purports to combat large-scale voter fraud: ⚠️the familiar right-wing myth that millions of illicit votes are cast in the U.S., in numbers that could throw a presidential election. (The real nationwide illegal vote count is a few hundred, at most-- of those, quite a few were Trump voters.) The type of voter fraud claimed by the right is so vanishingly rare as to be an utterly negligible force in U.S. politics. If anything can be said to constitute actual substantive electoral fraud, it is the right’s systematic and wildly successful campaign to <a href="https://c.im/tags/obstruct" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#obstruct</a> voting rights.Trump’s order, while perhaps the most aggressive foray into voter suppression of late, is far from the only effort to impair democracy. 🔥Right now the SAVE Act is making its way through Congress; the Republican-sponsored legislation would alter registration procedures and demand proof of citizenship documents like a passport, birth certificate or naturalization certification. (As NPR reported, researchers have found that 👉 1 in 10 voting-eligible Americans don’t possess these documents.)❗️There’s notable overlap between the two efforts — the administration seems to be hedging its bets. “A lot of [the executive order] tracks pretty closely with what’s in the SAVE Act,” said Diaz. Should the SAVE Act fail, the executive order may allow “the White House to get around the congressional lawmaking process -- and do whatever they want.”<a href="https://truthout.org/articles/trump-assumes-unheard-of-powers-in-ordering-federal-overhaul-of-elections/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://truthout.org/articles/trump-assumes-unheard-of-powers-in-ordering-federal-overhaul-of-elections/</a>

PrivacyDigest<a href="https://mas.to/tags/Apple" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Apple</a> launches 'age assurance' tech as US states mull social media laws | ReutersFeb 27 (Reuters) - Apple Thursday said it will introduce a way for parents to share the age of a <a href="https://mas.to/tags/child" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#child</a> with app developers without revealing sensitive information such as <a href="https://mas.to/tags/birthdays" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#birthdays</a> or government <a href="https://mas.to/tags/identification" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#identification</a> numbers <a href="https://mas.to/tags/privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#privacy</a> <a href="https://mas.to/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#security</a> <a href="https://mas.to/tags/ageverification" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ageverification</a> <a href="https://mas.to/tags/socialmedia" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#socialmedia</a> <a href="https://www.reuters.com/technology/apple-launches-age-assurance-tech-us-states-mull-social-media-laws-2025-02-27/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.reuters.com/technology/apple-launches-age-assurance-tech-us-states-mull-social-media-laws-2025-02-27/</a>

Jenny MathiassonWhat a week! It's been a teaching/speaking heavy one for me as I delivered some training on the identification and care of wood in collections yesterday (which I'd like to think turned out well enough), and spoke to conservation students at Lincoln University about podcasting today. 🪵🎙️Speaking of which, we're recording some new podcast material soon as well!<a href="https://glammr.us/tags/collections" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#collections</a> <a href="https://glammr.us/tags/museums" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#museums</a> <a href="https://glammr.us/tags/wood" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#wood</a> <a href="https://glammr.us/tags/identification" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#identification</a> <a href="https://glammr.us/tags/events" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#events</a> <a href="https://glammr.us/tags/training" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#training</a> <a href="https://glammr.us/tags/workshops" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#workshops</a> <a href="https://glammr.us/tags/talks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#talks</a> <a href="https://glammr.us/tags/wooden" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#wooden</a> <a href="https://glammr.us/tags/conservation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#conservation</a> <a href="https://glammr.us/tags/CollectionsCare" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CollectionsCare</a>

Ryan HodnettDoes anyone know what this is? It was in shallow water in a pond in Norway.<a href="https://mastodon.world/tags/Unidentified" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Unidentified</a> <a href="https://mastodon.world/tags/Identification" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Identification</a> <a href="https://mastodon.world/tags/ArtWithOpenSource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ArtWithOpenSource</a> <a href="https://mastodon.world/tags/Darktable" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Darktable</a> <a href="https://mastodon.world/tags/CCBYSA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CCBYSA</a> <a href="https://mastodon.world/tags/Nature" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Nature</a> <a href="https://mastodon.world/tags/NaturePhotography" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#NaturePhotography</a> <a href="https://mastodon.world/tags/Photography" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Photography</a>

AnthonySi un·e naturaliste peut m'identifier ce cri d'oiseau à (environ 1s / 7s puis 17s). Entendu ce matin vers 10h dans un massif du Gard (essentiellement de chênes verts). L'appli me dit qu'il y a des geais des chênes (ça ok, j'ai bien entendu) mais j'ai un doute pour ce cri qui se répète à intervalle plus longue.Une idée <a href="https://cirtensis.net/channel/lautfille" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@lautfille</a> ?<a href="https://piaille.fr/tags/identification" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#identification</a> <a href="https://piaille.fr/tags/oiseau" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#oiseau</a> <a href="https://piaille.fr/tags/bird" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#bird</a> <a href="https://piaille.fr/tags/faune" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#faune</a> <a href="https://piaille.fr/tags/Gard" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Gard</a> <a href="https://piaille.fr/tags/Occitanie" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Occitanie</a>

Erik van Straten<a href="https://mastodon.social/@dianasusanti" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@dianasusanti</a> : very good! It would help if more people did that.Of course "avast-pdq dot com" sounds weird, but these scammers also had: (or still have, I'm not sure): avast-antivirus dot com(see <a href="https://www.virustotal.com/gui/domain/avast-antivirus.com/summary" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.virustotal.com/gui/domain/avast-antivirus.com/summary</a>).HOWEVER: it is too hard for most people and simply insufficient. There are a lot of fake webshops, of whom you don't know the domain name in advance.A domain name is a *unique* identification (good!) but it does *not* identify (bad!) who is responsible for a website.Certificates *used* to provide that information, but Big Tech insisted on "simpler", in fact anonymous, certificates - as can be seen below. There is *no* information regarding the owner of the website, including their country of jurisdiction.We were used to visit shops in streets. It is extremely hard to run a fake physical shop (or bank with a counter and employees), while it is incredibly easy to create an anonymous website that may mimic everything the scammers want.Perhaps there were more scammers on pasars (markets) because a new salesperson can appear any day - possibly without permits. Doing that in an actual building is harder.P.S. a site to look up certificates is <a href="https://crt.sh" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://crt.sh</a> (example: <a href="https://crt.sh/?q=google-ivi.com" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://crt.sh/?q=google-ivi.com</a>).<a href="https://infosec.exchange/tags/DVCerts" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DVCerts</a> <a href="https://infosec.exchange/tags/DomainValidated" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DomainValidated</a> <a href="https://infosec.exchange/tags/Certificates" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Certificates</a> <a href="https://infosec.exchange/tags/Identification" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Identification</a> <a href="https://infosec.exchange/tags/Authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Authentication</a> <a href="https://infosec.exchange/tags/Impersonation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Impersonation</a>

Gen_G ⏚<a href="https://mamot.fr/tags/Activit%C3%A9PhysiqueQuotidienne" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ActivitéPhysiqueQuotidienne</a> (ou presque) <a href="https://mamot.fr/tags/Marche" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Marche</a> <a href="https://mamot.fr/tags/PaysHorloger" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PaysHorloger</a> <a href="https://mamot.fr/tags/Doubs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Doubs</a> <a href="https://mamot.fr/tags/Paysage" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Paysage</a> Lundi j'ai passé mon tour, mais hier j'ai fait une balade sympa sur les hauteurs, entre pâturages et forêt et sur un long de sentier de crête.Si quelqu'un s'y connaît en <a href="https://mamot.fr/tags/identification" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#identification</a> de fèces en plusieurs sections, je suis preneuse. Canidé ou félidé ?

Y⃒̸̷̝̜̙ͥͥͥngmarSOLVED: See bottom of thread.It's about 30cm wide, has two independently rotating ceramic rollers with electrical heating spirals inside. But the routing of the wires restricts the turning of the rollers severely, so they can only rotate about 30°.There's some elaborate ceramic covers on the wires and a metal tray for catching something between the legs.It's clean, doesn't look like it was used for food. Maybe <a href="https://social.tchncs.de/tags/sewing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#sewing</a>? I have absolutely no idea!<a href="https://social.tchncs.de/tags/WhatIsThis" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#WhatIsThis</a> <a href="https://social.tchncs.de/tags/Mystery" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Mystery</a> <a href="https://social.tchncs.de/tags/Identification" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Identification</a>

Schneier on Security RSSGoogle Is Allowing Device FingerprintingLukasz Olejnik writes about device fingerprinting, and why Google’s policy change to allow it in 2025 is a majo... <a href="https://www.schneier.com/blog/archives/2025/01/google-is-allowing-device-fingerprinting.html" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.schneier.com/blog/archives/2025/01/google-is-allowing-device-fingerprinting.html</a> <a href="https://burn.capital/tags/datacollection" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#datacollection</a> <a href="https://burn.capital/tags/identification" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#identification</a> <a href="https://burn.capital/tags/Uncategorized" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Uncategorized</a> <a href="https://burn.capital/tags/fingerprints" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#fingerprints</a> <a href="https://burn.capital/tags/tracking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#tracking</a> <a href="https://burn.capital/tags/privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#privacy</a> <a href="https://burn.capital/tags/Google" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Google</a>

PrivacyDigestNew year, new ID? Here's the deadline to get the <a href="https://mas.to/tags/RealID" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RealID</a> and why you need one The federal Real ID Act will take effect May 7, meaning a standard state-issued driver's license or <a href="https://mas.to/tags/identification" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#identification</a> card will no longer get people through airport <a href="https://mas.to/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#security</a> or into federal buildings. <a href="https://mas.to/tags/id" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#id</a> <a href="https://mas.to/tags/driverslicense" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#driverslicense</a>Los Angeles Times: <a href="https://apple.news/ASzzT4I9_TdWml7Ol6GRBAA" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://apple.news/ASzzT4I9_TdWml7Ol6GRBAA</a>

Apokrif<a href="https://pouet.chapril.org/tags/Identification" class="mention hashtag" rel="tag">#Identification</a> <a href="https://pouet.chapril.org/tags/morts" class="mention hashtag" rel="tag">#morts</a> <a href="https://pouet.chapril.org/tags/Syrie" class="mention hashtag" rel="tag">#Syrie</a> <a href="https://www.francetvinfo.fr/monde/syrie/chute-de-bachar-al-assad/document-franceinfo-comment-voulez-vous-les-reconnaitre-ils-ont-des-trous-a-la-place-des-yeux-dans-l-enfer-des-morgues-de-damas-ou-les-syriens-tentent-d-identifier-leurs-proches-disparus_6961235.html" target="_blank" rel="nofollow noopener noreferrer" translate="no">https://www.francetvinfo.fr/monde/syrie/chute-de-bachar-al-assad/document-franceinfo-comment-voulez-vous-les-reconnaitre-ils-ont-des-trous-a-la-place-des-yeux-dans-l-enfer-des-morgues-de-damas-ou-les-syriens-tentent-d-identifier-leurs-proches-disparus_6961235.html</a>

loganer<a href="https://mastodon.social/tags/Bug" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Bug</a> <a href="https://mastodon.social/tags/Canada" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Canada</a> <a href="https://mastodon.social/tags/Aylmer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Aylmer</a> <a href="https://mastodon.social/tags/Ontario" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Ontario</a> <a href="https://mastodon.social/tags/Identification" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Identification</a> I have never seen anything like this before. some kind of spider/stick bug hybrid?

talaDrôle de mouche à tête jaune presque de la taille d'une abeille charpentière. Visiblement une tachina grossa ? <a href="https://pouet.chapril.org/tags/insects" class="mention hashtag" rel="tag">#insects</a> <a href="https://pouet.chapril.org/tags/insectes" class="mention hashtag" rel="tag">#insectes</a> <a href="https://pouet.chapril.org/tags/identification" class="mention hashtag" rel="tag">#identification</a>

Erik van Straten🌘DV-CERT MIS-ISSUANCE INCIDENTS🌒 🧵#3/3Note: this list (in reverse chronological order) is probably incomplete; please respond if you know of additional incidents!2024-07-31 "Sitting Ducks" attacks/DNS hijacks: mis-issued certificates for possibly more than 35.000 domains by Let’s Encrypt and DigiCert: <a href="https://blogs.infoblox.com/threat-intelligence/who-knew-domain-hijacking-is-so-easy/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://blogs.infoblox.com/threat-intelligence/who-knew-domain-hijacking-is-so-easy/</a> (src: <a href="https://www.bleepingcomputer.com/news/security/sitting-ducks-dns-attacks-let-hackers-hijack-over-35-000-domains/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.bleepingcomputer.com/news/security/sitting-ducks-dns-attacks-let-hackers-hijack-over-35-000-domains/</a>)2024-07-23 Let's Encrypt mis-issued 34 certificates,revokes 27 for dydx.exchange: see 🧵#2/3 in this series of toots2023-11-03 jabber.ru MitMed/AitMed in German hosting center <a href="https://notes.valdikss.org.ru/jabber.ru-mitm/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://notes.valdikss.org.ru/jabber.ru-mitm/</a>2023-11-01 KlaySwap en Celer Bridge BGP-hijacks described <a href="https://www.certik.com/resources/blog/1NHvPnvZ8EUjVVs4KZ4L8h-bgp-hijacking-how-hackers-circumvent-internet-routing-security-to-tear-the" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.certik.com/resources/blog/1NHvPnvZ8EUjVVs4KZ4L8h-bgp-hijacking-how-hackers-circumvent-internet-routing-security-to-tear-the</a>2023-09-01 Biggest BGP Incidents/BGP-hijacks/BGP hijacks <a href="https://blog.lacnic.net/en/routing/a-brief-history-of-the-internets-biggest-bgp-incidents" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://blog.lacnic.net/en/routing/a-brief-history-of-the-internets-biggest-bgp-incidents</a>2022-09-22 BGP-hijack mis-issued GoGetSSL DV certificate <a href="https://arstechnica.com/information-technology/2022/09/how-3-hours-of-inaction-from-amazon-cost-cryptocurrency-holders-235000/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://arstechnica.com/information-technology/2022/09/how-3-hours-of-inaction-from-amazon-cost-cryptocurrency-holders-235000/</a>2022-09-09 Celer Bridge incident analysis <a href="https://www.coinbase.com/en-nl/blog/celer-bridge-incident-analysis" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.coinbase.com/en-nl/blog/celer-bridge-incident-analysis</a>2022-02-16 Crypto Exchange KLAYswap Loses $1.9M After BGP Hijack <a href="https://www.bankinfosecurity.com/crypto-exchange-klayswap-loses-19m-after-bgp-hijack-a-18518" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.bankinfosecurity.com/crypto-exchange-klayswap-loses-19m-after-bgp-hijack-a-18518</a>🌘BACKGROUND INFO🌒 2024-08-01 "Cloudflare once again comes under pressure for enabling abusive sites (Dan Goodin - Aug 1, 2024) <a href="https://arstechnica.com/security/2024/07/cloudflare-once-again-comes-under-pressure-for-enabling-abusive-sites/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://arstechnica.com/security/2024/07/cloudflare-once-again-comes-under-pressure-for-enabling-abusive-sites/</a>2018-08-15 Usenix-18: "Bamboozling Certificate Authorities with BGP" <a href="https://www.usenix.org/conference/usenixsecurity18/presentation/birge-lee" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.usenix.org/conference/usenixsecurity18/presentation/birge-lee</a>Edited 2024-09-05 14:19 UTC: corrected the link for the "jabber.ru" incident.<a href="https://infosec.exchange/tags/DV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DV</a> <a href="https://infosec.exchange/tags/LE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#LE</a> <a href="https://infosec.exchange/tags/LetsEncrypt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#LetsEncrypt</a> <a href="https://infosec.exchange/tags/Certificates" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Certificates</a> <a href="https://infosec.exchange/tags/Certs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Certs</a> <a href="https://infosec.exchange/tags/Misissuance" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Misissuance</a> <a href="https://infosec.exchange/tags/Mis_issuance" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Mis_issuance</a> <a href="https://infosec.exchange/tags/Revocation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Revocation</a> <a href="https://infosec.exchange/tags/Revoked" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Revoked</a> <a href="https://infosec.exchange/tags/Weaknessess" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Weaknessess</a> <a href="https://infosec.exchange/tags/WeakCertificates" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#WeakCertificates</a> <a href="https://infosec.exchange/tags/WeakAuthentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#WeakAuthentication</a> <a href="https://infosec.exchange/tags/Authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Authentication</a> <a href="https://infosec.exchange/tags/Impersonation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Impersonation</a> <a href="https://infosec.exchange/tags/Identification" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Identification</a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Infosec</a> <a href="https://infosec.exchange/tags/DNS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DNS</a> <a href="https://infosec.exchange/tags/DNSHijacks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DNSHijacks</a> <a href="https://infosec.exchange/tags/SquareSpace" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SquareSpace</a> <a href="https://infosec.exchange/tags/Authorization" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Authorization</a> <a href="https://infosec.exchange/tags/UnauthorizedChanges" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#UnauthorizedChanges</a> <a href="https://infosec.exchange/tags/UnauthorizedModifications" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#UnauthorizedModifications</a> <a href="https://infosec.exchange/tags/DeFi" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DeFi</a> <a href="https://infosec.exchange/tags/dydx_exchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dydx_exchange</a> <a href="https://infosec.exchange/tags/CryptoCoins" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CryptoCoins</a>

Erik van Straten🌘DV-CERT MIS-ISSUANCES & OCSP ENDING🌒 🧵#1/3On Jul 23, 2024, Josh Aas of Let's Encrypt wrote, while his nose was growing rapidly:<<< Intent to End OCSP Service [...] We plan to end support for OCSP primarily because it represents a considerable risk to privacy on the Internet. [...] CRLs do not have this issue. >>> <a href="https://letsencrypt.org/2024/07/23/replacing-ocsp-with-crls.html" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://letsencrypt.org/2024/07/23/replacing-ocsp-with-crls.html</a>🚨 On THAT SAME DAY, Jul 23, 2024, LE (Let's Encrypt) issued at least 34 certs (certificates) for [*.]dydx.exchange to cybercriminals, of which LE revoked 27 mis-issued certs approximately 6.5 hours later.Note that falsified DNS records may instruct DNS caching servers to retain entries for a long time; therefore speedy revocation helps reducing the number of victims.Apart from this mis-issuance *blunder*, CRL's have HUGE issues that Josh does not mention: they are SSSLLLOOOWWW and files are potentially huge - while OCSP is instantaneous and uses little bandwith.🌘NO OCSP INCREASES INTERNET RISKS🌒 If LE quits OCSP support, the average risk of using the internet will *increase*.🌘LIES🌒 Furthermore, the privacy argument is mostly moot, as nearly every website makes people's browsers connect to domains owned by Google (and even let's those browsers execute Javascript from third party servers, allowing nearly unlimited espionage). In addition, IP-addresses are sent in the plain anyway (📎).(📎 When using a VPN, source and destination IP-addresses *within the tunnel* are not visible for anyone with access to the *outside* of the tunnel - but they are sent in the plain between the end of the tunnel and the actual server.)Worse, the remote endpoint of your E2EE https connection increasingly often is *not* the actual server (that website was moved to sombody else's server in the cloud anyway), but a CDN proxy server which has the ability to monitor everything you do (unencrypting your data: three letter agencies love it, FISA section 702 grants them unlimmited access - without anyone informing you).🤷 LE may try to blame others for their mis-issuance blunder, but *THEY* chose to use old, notoriously untrustworthy, internet protocols (BGP and DNS, including database records - that DNSSEC will never protect) as the basis for authentication. By making that choice, LE and other DV cert suppliers were simply ASKING for trouble.🔓 In fact, the promise that Let's Encrypt would make the internet safer was misleading from the start: domain names are mostly meaningless to users, 100% fault intolerant, unpredictable and easily forgotten. If your browser is communicating with a malicious server, encryption is pointless.Josh, stop lying to us; your motives are purely economical.🌘CORRUPT: BIG TECH FACILITATES CRIME🌒 DV-certs were heavily promoted by Google (not for phun but for profit) after their researchers "proved" that it was possible to show misleasing identification information in the browser's address bar after certificate mis-issuance (the "Stripe, Inc" incident, <a href="https://arstechnica.com/information-technology/2017/12/nope-this-isnt-the-https-validated-stripe-website-you-think-it-is/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://arstechnica.com/information-technology/2017/12/nope-this-isnt-the-https-validated-stripe-website-you-think-it-is/</a>).This message was repeated by many specialists (e.g. <a href="https://www.troyhunt.com/paypals-beautiful-demonstration-of-extended-validation-fud/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.troyhunt.com/paypals-beautiful-demonstration-of-extended-validation-fud/</a>) with stupid arguments: certificates do NOT directly warrant reliable websites.OV and EV certificates, and QWAC's, more or less reliably, warrant *WHO OWNS* a domain name. That means that users know *who* they're doing business with, can depend on their reputation and can sue them if they violate laws."Of course" Google recently lost trust in Entrust for mis-issuing certificates (<a href="https://security.googleblog.com/2024/06/sustaining-digital-certificate-security.html" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://security.googleblog.com/2024/06/sustaining-digital-certificate-security.html</a>).Meanwhile the internet has become a corrupt and criminal mess; its users get to see misleading identification info in their browser's address bar WAY MORE OFTEN, e.g. https:⁄⁄us–usps–ny.com (for loads of examples see <a href="https://www.virustotal.com/gui/ip-address/188.114.96.0/relations" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.virustotal.com/gui/ip-address/188.114.96.0/relations</a>; tap ••• a couple of times).Supporting DN's like "ing–movil.com" and "m–santander.de" *is* facilitating cybercrime, by repeatedly mis-issuing certs for them (see <a href="https://crt.sh/?q=ing-movil.com" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://crt.sh/?q=ing-movil.com</a> and <a href="https://crt.sh/?q=m-santander.de" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://crt.sh/?q=m-santander.de</a>) and by letting them hide behind a CDN (see <a href="https://www.virustotal.com/gui/domain/ing-movil.com/details" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.virustotal.com/gui/domain/ing-movil.com/details</a> and <a href="https://www.virustotal.com/gui/domain/m-santander.de/details" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.virustotal.com/gui/domain/m-santander.de/details</a>).In addition, *thousands* of DV-certs have been mis-issued - without *their* issuers getting distrusted by Google, Microsoft, Apple and Mozilla.People have their bank accounts drained and companies get slammed with ransomware because of this.But no Big Tech company (including the likes of Cloudflare) takes ANY responsibility; they make Big Money by facilitating cybercrime. Not by issuing "free" DV-certs, but by selling domain names, server space and CDN functionality, and by letting browsers no longer distinguish between useful and useless certs. They've deliberately made the internet insecure *FOR PROFIT*.🌘CERT MIS-ISSUANCE ROOT CAUSE🌒 The mis-issuance of LE certs was caused by the unauthorized modification of customer DNS records managed by SquareSpace; this incident was further described in <a href="https://www.bleepingcomputer.com/news/security/defi-exchange-dydx-v3-website-hacked-in-dns-hijack-attack/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.bleepingcomputer.com/news/security/defi-exchange-dydx-v3-website-hacked-in-dns-hijack-attack/</a>.Note that a similar attack, also affecting SquareSpace customers, occurred on July 11, 2024 (see <a href="https://www.bleepingcomputer.com/news/security/dns-hijacks-target-crypto-platforms-registered-with-squarespace/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.bleepingcomputer.com/news/security/dns-hijacks-target-crypto-platforms-registered-with-squarespace/</a>). Even if it *looks like* that no certs were mis-issued during the July 11 incident, because (AFAIK) none of them have been revoked, this does not warrant that none of them were mis-issued; such certs can still be abused by attackers, albeit on a smaller scale.🌘MORE INFO🌒 Please find additional information in two followups of this toot:🧵#2/3 Extensive details regarding Mis-issued dydx.exchange certs on 2024-07-23;🧵#3/3 Links to descriptions of multiple other DV-cert mis-issuance issues.🌘DISCLAIMER🌒 I am not (and have never been) associated with any certificate supplier. My goal is to obtain a safer internet, in particular for users who are not forensic experts. It is *way* too hard for ordinary internet users to destinguish between 'fake' and 'authentic' on the internet. Something that, IMO, can an must significantly improve ASAP.Edited 08:16 UTC to add people: <a href="https://infosec.exchange/@troyhunt" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@troyhunt</a> <a href="https://infosec.exchange/@dangoodin" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@dangoodin</a> <a href="https://infosec.exchange/@BleepingComputer" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@BleepingComputer</a> <a href="https://infosec.exchange/@agl" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@agl</a> <a href="https://infosec.exchange/tags/DV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DV</a> <a href="https://infosec.exchange/tags/LE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#LE</a> <a href="https://infosec.exchange/tags/LetsEncrypt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#LetsEncrypt</a> <a href="https://infosec.exchange/tags/Certificates" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Certificates</a> <a href="https://infosec.exchange/tags/Certs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Certs</a> <a href="https://infosec.exchange/tags/Misissuance" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Misissuance</a> <a href="https://infosec.exchange/tags/Mis_issuance" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Mis_issuance</a> <a href="https://infosec.exchange/tags/Revocation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Revocation</a> <a href="https://infosec.exchange/tags/Revoked" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Revoked</a> <a href="https://infosec.exchange/tags/Weaknessess" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Weaknessess</a> <a href="https://infosec.exchange/tags/WeakCertificates" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#WeakCertificates</a> <a href="https://infosec.exchange/tags/WeakAuthentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#WeakAuthentication</a> <a href="https://infosec.exchange/tags/Authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Authentication</a> <a href="https://infosec.exchange/tags/Impersonation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Impersonation</a> <a href="https://infosec.exchange/tags/Identification" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Identification</a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Infosec</a> <a href="https://infosec.exchange/tags/DNS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DNS</a> <a href="https://infosec.exchange/tags/DNSHijacks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DNSHijacks</a> <a href="https://infosec.exchange/tags/SquareSpace" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SquareSpace</a> <a href="https://infosec.exchange/tags/Authorization" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Authorization</a> <a href="https://infosec.exchange/tags/UnauthorizedChanges" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#UnauthorizedChanges</a> <a href="https://infosec.exchange/tags/UnauthorizedModifications" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#UnauthorizedModifications</a> <a href="https://infosec.exchange/tags/DeFi" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DeFi</a> <a href="https://infosec.exchange/tags/dydx_exchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dydx_exchange</a> <a href="https://infosec.exchange/tags/CryptoCoins" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CryptoCoins</a>

Eric Maugendre<a href="https://social.coop/tags/work" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#work</a> <a href="https://social.coop/tags/workPlace" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#workPlace</a> <a href="https://social.coop/tags/safety" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#safety</a> <a href="https://social.coop/tags/workCulture" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#workCulture</a> <a href="https://social.coop/tags/platforming" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#platforming</a> <a href="https://social.coop/tags/workQuality" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#workQuality</a> <a href="https://social.coop/tags/mentalHealth" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#mentalHealth</a> <a href="https://social.coop/tags/capabilities" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#capabilities</a> <a href="https://social.coop/tags/career" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#career</a> <a href="https://social.coop/tags/organisations" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#organisations</a> <a href="https://social.coop/tags/status" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#status</a> <a href="https://social.coop/tags/recognition" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#recognition</a> <a href="https://social.coop/tags/anger" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#anger</a> <a href="https://social.coop/tags/frustration" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#frustration</a> <a href="https://social.coop/tags/meaning" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#meaning</a> <a href="https://social.coop/tags/identification" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#identification</a> <a href="https://social.coop/tags/disappointment" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#disappointment</a> <a href="https://social.coop/tags/needs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#needs</a> <a href="https://social.coop/tags/personal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#personal</a>

Recherches récentes

Options de recherche

Administré par :

Statistiques du serveur :

#identification