|
Raymond T. Racing posted:YOSPOS CA is looking more and more likely publicly trusted shitposts
|
# ? May 3, 2024 15:19 |
|
|
# ? May 18, 2024 23:08 |
|
Antigravitas posted:YCAPOS is a bit hard to pronounce though. nah you just do it to the YMCA tune
|
# ? May 3, 2024 15:30 |
|
NoneMoreNegative posted:nah you just do it to the YMCA tune hell yeah
|
# ? May 3, 2024 15:31 |
|
Certainly Awful Certificate Authority (CACA) e: but YCAPOS still wins in my books digitalist fucked around with this message at 15:37 on May 3, 2024 |
# ? May 3, 2024 15:32 |
|
SA-CERT-POS
|
# ? May 3, 2024 15:40 |
|
|
# ? May 3, 2024 16:14 |
|
so e-commerce have been under scrutiny since early 2023. i was glancing at their certificate policy statement earlier and it was just worthless so i looked at their -certificate policy- instead and noted an issue it's a bunch of specific issues i got from just checking what -wasn't- mentioned in their changelogs that should have been. but anyway after that i took a break going back and then moving on a tiny bit: how the gently caress have they not been thrown out yet. i thought the 'not not' translation was bad enough e: ???????????????????????????????????????? Wiggly Wayne DDS fucked around with this message at 16:41 on May 3, 2024 |
# ? May 3, 2024 16:20 |
|
I'm starting to imagine YCAPOS as an oldschool cracking group with cool ASCII art but for CAs
|
# ? May 3, 2024 16:53 |
|
definitely a proprietary extension for an ANSI animation field
|
# ? May 3, 2024 16:56 |
|
digitalist posted:I'm starting to imagine YCAPOS as an oldschool cracking group with cool ASCII art but for CAs honestly I loving love this idea acme certs only plain text website "manage your account? no" "request delay of revocation? no"
|
# ? May 3, 2024 17:04 |
|
CSR must be included in an .nfo file.
|
# ? May 3, 2024 17:07 |
|
Subjunctive posted:definitely a proprietary extension for an ANSI animation field Raymond T. Racing posted:honestly I loving love this idea Antigravitas posted:CSR must be included in an .nfo file. We'll need some music people for chiptunes Wiggly Wayne DDS posted:so e-commerce have been under scrutiny since early 2023. i was glancing at their certificate policy statement earlier and it was just worthless so i looked at their -certificate policy- instead and noted an issue And English majors for understanding whatever the gently caress is going on in here
|
# ? May 3, 2024 17:27 |
|
What is CA? A miserable little pile of shell scripts.
|
# ? May 3, 2024 18:01 |
|
spankmeister posted:What is CA? A miserable little pile of shell scripts.
|
# ? May 3, 2024 18:06 |
|
Raymond T. Racing posted:honestly I loving love this idea
|
# ? May 3, 2024 18:14 |
|
I'll run the poo poo post transparency (SPT) log!
|
# ? May 3, 2024 18:27 |
|
spankmeister posted:What is CA? A miserable little pile of shell scripts. Beautiful. code:
Either that or I can just keep shitposting.
|
# ? May 3, 2024 18:36 |
|
yeah straight up good work to amir/wayne that's some serious digging y'all have done
|
# ? May 3, 2024 18:37 |
|
digitalist posted:On a slightly more serious note, Wayne/Amir/whoever, if you need an extra pair of eyes to read through some garbage I'd be happy to help out. I guess I could just pick a CA at random and start digging, I have a feeling it wouldn't be too difficult to find issues. you don't need to know the actual baseline requirements or individual root program policies for that, poo poo will jump out a mile. i hadn't read any of that 2 months ago anyway, i'm new too
|
# ? May 3, 2024 18:41 |
|
Wiggly Wayne DDS posted:i'll throw you in the deep-end, try and see what makes sense in this: https://service.globaltrust.eu/static/globaltrust-certificate-policy.pdf Is the CP 404ing a violation of BR?
|
# ? May 3, 2024 18:44 |
|
literally yes, IIRC
|
# ? May 3, 2024 18:45 |
|
digitalist posted:Is the CP 404ing a violation of BR? yeah I thought I was missing something unless that’s the joke
|
# ? May 3, 2024 18:45 |
|
drat we're good edit: Google turns this up, https://www.globaltrust.eu/static/globaltrust-certificate-policy.pdf
|
# ? May 3, 2024 18:47 |
|
the lmaos will continue until distrust occurs
|
# ? May 3, 2024 18:49 |
|
Captain Foo posted:the lmaos will continue until distrust occurs
|
# ? May 3, 2024 18:57 |
|
that copyright note on the very first loving page is….hmm, nope
|
# ? May 3, 2024 18:57 |
|
digitalist posted:Is the CP 404ing a violation of BR? quote:2.2 Publication of information
|
# ? May 3, 2024 18:59 |
|
lol, it's working now. I'll dig into this later this evening/weekend, I have actual work to do if you can believe it, in between shitposting that is This kind of stuff is actually related, a bit more on the periphery but still important/necessary to my 9 to 5, so happy to find an excuse to learn more about it.
|
# ? May 3, 2024 19:06 |
|
Captain Foo posted:the lmaos will continue until distrust occurs
|
# ? May 3, 2024 20:17 |
|
this thread has made me wonder if just anyone's dumb racist uncle can get into the root CA stores these days. frankly i trust the internet significantly less now
|
# ? May 3, 2024 20:36 |
|
Definite yes, also every state's national security apparatus which are 90% guys like that.
|
# ? May 3, 2024 20:39 |
|
we need a series of Wiggly Wayne reaction videos as he scrolls through bugzilla
|
# ? May 3, 2024 20:42 |
|
“random tiny company with keys to the whole web sucked me off?!?”
|
# ? May 3, 2024 21:05 |
|
when you click the about us page it just gives you the classic ascii middle finger
|
# ? May 3, 2024 21:27 |
|
Subjunctive posted:we need a series of Wiggly Wayne reaction videos as he scrolls through bugzilla wiggly wayne vtuber with the old wevie stonder avatar e: or maybe it was never wevie stonder? idk e2: this guy, didnt you used to have that for an avatar wayne? https://www.youtube.com/watch?v=vtnk26iyXYo
|
# ? May 3, 2024 21:34 |
|
Don't worry, the exec have been pitching some great ideas for how to deal with phishing lately like, 'serve all the text on the website as an image so phishers can't copy the text' and 'lets have a meeting with this security company who says that can add DRM to the site so people can't right-click save the website to make a copy' Phishing is an almost impossible problem to solve from a technical POV (outside of forcing everyone onto passkeys or some other hands-off domain specific credentials) and it's basically all on the users to not be tricked which you should always assume they will be at some point
|
# ? May 3, 2024 22:25 |
|
but it means we can pay money to knowb4, so
|
# ? May 3, 2024 22:30 |
|
Carthag Tuek posted:e2: this guy, didnt you used to have that for an avatar wayne? i tried to tackle what should be a very simple question about e-commerce monitoring GmbH "When do they handle revocation of a compromised certificate?": https://bugzilla.mozilla.org/show_bug.cgi?id=1862004#c13 e: also a tiny tiny tiny issue happened: IdenTrust: unintended creation of a Root CA certificate Wiggly Wayne DDS fucked around with this message at 22:38 on May 3, 2024 |
# ? May 3, 2024 22:36 |
|
Captain Foo posted:but it means we can pay money to knowb4, so our dumbass company signed up for some knowbe4 poo poo and they spammed everyone with a kevin mitnick video. everyone in the company reported it as phishing and they cancelled the training
|
# ? May 3, 2024 22:39 |
|
|
# ? May 18, 2024 23:08 |
|
Shaggar posted:our dumbass company signed up for some knowbe4 poo poo and they spammed everyone with a kevin mitnick video. everyone in the company reported it as phishing and they cancelled the training When they said Free Kevin Mitnick they meant it. You get one with every phishing test.
|
# ? May 3, 2024 22:41 |