Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@0x40k" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>0x40k</span></a></span> well, <a href="https://infosec.space/tags/Microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Microsoft</span></a> to this day has a <a href="https://infosec.space/tags/Backdoor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Backdoor</span></a> in the <a href="https://infosec.space/tags/CryptoAPI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CryptoAPI</span></a> that <a href="http://github.com/kkarhan/windows-ca-backdoor-fix" rel="nofollow noopener noreferrer" target="_blank">remains unfixed to this day</a>...</p><ul><li>And since Microsoft doesn't acknowledge the concept of <a href="https://infosec.space/tags/consent" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>consent</span></a> in <a href="https://infosec.space/tags/Windows" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Windows</span></a> (and doesn't even fake it!) and they are both <a href="https://infosec.space/tags/PRISM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PRISM</span></a> collaborators <em>AND</em> subject to <a href="https://infosec.space/tags/CloudAct" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CloudAct</span></a>, they <em><a href="https://infosec.space/tags/CantFix" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CantFix</span></a></em> & <em><a href="https://infosec.space/tags/WontFix" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WontFix</span></a></em> it!</li></ul>
Recent searches
No recent searches
Search options
Only available when logged in.
mathstodon.xyz is one of the many independent Mastodon servers you can use to participate in the fediverse.
A Mastodon instance for maths people. We have LaTeX rendering in the web interface!
Administered by:
Server stats:
2.8Kactive users
mathstodon.xyz: About · Status · Profiles directory · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.3.7
#cryptoapi
0 posts · 0 participants · 0 posts today
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://nrw.social/@roman78" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>roman78</span></a></span> <span class="h-card" translate="no"><a href="https://astronomy.social/@admin" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>admin</span></a></span> <span class="h-card" translate="no"><a href="https://nrw.social/@olifantenbaer" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>olifantenbaer</span></a></span> angesichts der Lücken in <a href="https://infosec.space/tags/CryptoAPI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CryptoAPI</span></a> inklusive <a href="https://infosec.space/tags/Backdoors" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Backdoors</span></a> ist das digitales <a href="https://infosec.space/tags/FlexTape" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FlexTape</span></a> bei durchgerrostetem Rohr...</p><ul><li>Hinzu kommt dass <a href="https://infosec.space/tags/WindowsUpdate" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WindowsUpdate</span></a> entsprechende Einstellungen resetted.<a href="https://github.com/kkarhan/windows-ca-backdoor-fix" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/kkarhan/windows-ca-</span><span class="invisible">backdoor-fix</span></a></li></ul>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://social.tchncs.de/@gborn" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>gborn</span></a></span> <span class="h-card" translate="no"><a href="https://hessen.social/@MichaelD" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>MichaelD</span></a></span> <span class="h-card" translate="no"><a href="https://det.social/@Bundesligatrainer" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>Bundesligatrainer</span></a></span> <span class="h-card" translate="no"><a href="https://chaos.social/@Ihazchaos" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>Ihazchaos</span></a></span> nein, eben nicht.</p><p>Dass <a href="https://infosec.space/tags/Windows10" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Windows10</span></a> [und besonders <a href="https://infosec.space/tags/Windows11" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Windows11</span></a>] nicht <a href="https://infosec.space/tags/DSGVO" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DSGVO</span></a>- & <a href="https://infosec.space/tags/BDSG" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BDSG</span></a>-konform sein können ist <a href="https://www.lda.bayern.de/media/windows_10_report.pdf" rel="nofollow noopener noreferrer" target="_blank">evidenzierte Tatsache</a> und ich habe noch keine*n Anwält*in gesehen die etwas anderes behaupten und dafür im Zweifelsfalle auch die <a href="https://infosec.space/tags/Haftung" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Haftung</span></a> übernehmen würden.</p><ul><li><p>Wohingegen ich mir sicher bin dass <span class="h-card" translate="no"><a href="https://fosstodon.org/@SUSE" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>SUSE</span></a></span> & <span class="h-card" translate="no"><a href="https://ubuntu.social/@ubuntu" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>ubuntu</span></a></span> mir im Zweifelsfalle sogar ne <a href="https://infosec.space/tags/Versicherung" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Versicherung</span></a> der <a href="https://infosec.space/tags/Compliance" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Compliance</span></a> ab Werk anbieten würden, was <a href="https://infosec.space/tags/Microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Microsoft</span></a> aufgrund von <a href="https://infosec.space/tags/CloudAct" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CloudAct</span></a> inhärent nicht kann!</p></li><li><p>Außerdem verbietet sich das Procurement von Anbietern die in <em>"illegaler Agententätigkeit"</em> [u.a. <a href="https://infosec.space/tags/PRISM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PRISM</span></a>] involviert sind (!!!) schon aus oberflächlicher <em>due diligence</em>...</p></li></ul><p>Von <a href="https://github.com/kkarhan/windows-ca-backdoor-fix/" rel="nofollow noopener noreferrer" target="_blank">einfach ausnutzbaren</a> <a href="https://infosec.space/tags/Govware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Govware</span></a> - <a href="https://infosec.space/tags/Backdoors" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Backdoors</span></a> in der <a href="https://infosec.space/tags/CryptoAPI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CryptoAPI</span></a> unter <a href="https://infosec.space/tags/Windows" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Windows</span></a> hab ich noch garnicht angefangen! </p><ul><li>TLDR: <a href="https://infosec.space/tags/Windows" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Windows</span></a> gehört in den <a href="https://infosec.space/tags/M%C3%BCll" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Müll</span></a> und notfalls auf ne <a href="https://infosec.space/tags/airgapped" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>airgapped</span></a> Kiste bzw. <a href="https://infosec.space/tags/offline" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>offline</span></a> VM! Ich fass' den shice nicht an!!!</li></ul><p><a href="https://infosec.space/tags/EOD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>EOD</span></a></p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://transfem.social/@puppygirlhornypost2" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>puppygirlhornypost2</span></a></span> <span class="h-card" translate="no"><a href="https://social.vlhl.dev/users/navi" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>navi</span></a></span> yeah, but that's a common problem based off <a href="https://infosec.space/tags/TechIlliteracy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TechIlliteracy</span></a> and lack of proper explaination!</p><ul><li>Given the <a href="https://infosec.space/tags/CryptoAPI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CryptoAPI</span></a> of <a href="https://infosec.space/tags/Windows" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Windows</span></a> is <a href="https://infosec.space/tags/backdoored" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>backdoored</span></a> for <a href="https://infosec.space/tags/Govware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Govware</span></a> [<a href="https://infosec.space/tags/NSAKEY_" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NSAKEY_</span></a> & <a href="https://infosec.space/tags/SSL" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SSL</span></a>-<a href="https://github.com/kkarhan/windows-ca-backdoor-fix" rel="nofollow noopener noreferrer" target="_blank">Updates</a> I'd consider <a href="https://infosec.space/tags/BitLocker" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BitLocker</span></a> insecure and the least of it's problems!</li></ul><p>Bonus points if <a href="https://infosec.space/tags/TPM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TPM</span></a> bs prevents <a href="https://infosec.space/tags/DataRecovery" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DataRecovery</span></a>.</p><ul><li>My biggest problem with <a href="https://infosec.space/tags/FDE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FDE</span></a>/ <a href="https://infosec.space/tags/FullDiskEncryption" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FullDiskEncryption</span></a> is that is mandates direct access to a system to authenticate, thus one needs to manually mount stuff on servers post-boot instead.</li></ul>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://goatdaddy.net/profile/vvelox" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>vvelox</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@SecurityWriter" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>SecurityWriter</span></a></span> I trust noone, but unlike <a href="https://infosec.space/tags/Microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Microsoft</span></a>, <a href="https://infosec.space/tags/RedHad" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RedHad</span></a> didn't betray it's paying customers by literally shoving <a href="https://infosec.space/tags/Govware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Govware</span></a> <a href="https://infosec.space/tags/Backdoors" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Backdoors</span></a> into critical compontents like the <a href="https://infosec.space/tags/CryptoAPI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CryptoAPI</span></a>... </p><p><a href="https://github.com/kkarhan/windows-ca-backdoor-fix" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/kkarhan/windows-ca-</span><span class="invisible">backdoor-fix</span></a></p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://mas.to/@tokyo_0" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>tokyo_0</span></a></span> <a href="https://infosec.space/tags/TrueCrypt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TrueCrypt</span></a> is <a href="https://infosec.space/tags/abandonware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>abandonware</span></a> with serious security issues. </p><ul><li><em>DO NOT USE TRUECRYPT FFS!!!</em></li></ul><p>Use <a href="https://infosec.space/tags/VeraCrypt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VeraCrypt</span></a> or even better: migrate machines to <a href="https://infosec.space/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linux</span></a> and use <a href="https://infosec.space/tags/LUKS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LUKS</span></a> / <a href="https://infosec.space/tags/dmcrypt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dmcrypt</span></a> instead, as it's the best option at hand.</p><ul><li>If you need to shuttle data to <a href="https://infosec.space/tags/Windows" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Windows</span></a> and <a href="https://infosec.space/tags/macOS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>macOS</span></a> machines and using <a href="https://infosec.space/tags/SFTP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SFTP</span></a> / <a href="https://infosec.space/tags/SSHFS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SSHFS</span></a> to mount a secure storage over the network isn't an option, than you're stuck with VeraCrypt, as <a href="https://infosec.space/tags/Windows" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Windows</span></a>' <a href="https://infosec.space/tags/CryptoAPI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CryptoAPI</span></a> is evidently <a href="https://infosec.space/tags/backdoored" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>backdoored</span></a> to the point that every <a href="https://infosec.space/tags/Browser" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Browser</span></a> except <a href="https://infosec.space/tags/Firefox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Firefox</span></a> is susceptible to <a href="https://infosec.space/tags/SSL" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SSL</span></a> hijacking with background updates...</li></ul><p><a href="https://github.com/kkarhan/windows-ca-backdoor-fix" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/kkarhan/windows-ca-</span><span class="invisible">backdoor-fix</span></a></p>
xoron :verified:<p>"Encryption at Rest" for JavaScript Projects</p><p>Following a previous post (<a href="https://infosec.exchange/@xoron/113446067764347249" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@xoron/113446</span><span class="invisible">067764347249</span></a>), which can be summarized as: I'm tackling state management with an extra twist: integrating encryption at rest!</p><p>I created some updates to the WIP pull-request. The behavior is as follows.</p><p>- The user is prompted for a password if one isn't provided programmatically.<br> - This will allow for developers to create a custom password prompts in their application. The default fallback is to use a JavaScript prompt().<br> - It also seems possible to enable something like "fingerprint/face encryption" for some devices using the webauthn api. (This works, but the functionality is a bit flaky and needs to be fixed before rolling out.)<br>- Using AES-GCM with 1000000 iterations of PBKDF2 to derive the key from the password.<br> - The iterations can be increased in exchange for slower performance. It isn't currently configurable, but it might be in the future.<br> - The salt and AAD need to be deterministic and so to simplify user input, the salt as AAD are derived as the sha256 hash of the password. (Is this a good idea?)</p><p>The latest version of the code can be seen in the PR: <a href="https://github.com/positive-intentions/dim/pull/9" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/positive-intentions</span><span class="invisible">/dim/pull/9</span></a></p><p>I'm keen to get feedback on the approach and the implementation before i merge it into the main branch.</p><p><a href="https://infosec.exchange/tags/JavaScript" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>JavaScript</span></a> <a href="https://infosec.exchange/tags/Encryption" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Encryption</span></a> <a href="https://infosec.exchange/tags/IndexedDB" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IndexedDB</span></a> <a href="https://infosec.exchange/tags/WebDevelopment" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WebDevelopment</span></a> <a href="https://infosec.exchange/tags/CryptoAPI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CryptoAPI</span></a> <a href="https://infosec.exchange/tags/FrontendDev" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FrontendDev</span></a> <a href="https://infosec.exchange/tags/ReactHooks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ReactHooks</span></a> <a href="https://infosec.exchange/tags/StateManagement" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>StateManagement</span></a> <a href="https://infosec.exchange/tags/WebSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WebSecurity</span></a> <a href="https://infosec.exchange/tags/OpenSource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenSource</span></a> <a href="https://infosec.exchange/tags/PersonalProjects" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PersonalProjects</span></a></p>
xoron :verified:<p>"Encryption at Rest" for JavaScript Projects</p><p>I'm developing a JavaScript UI framework for personal projects, and I'm tackling state management with an extra twist: integrating encryption at rest!</p><p>Inspired by this React Hook: Async State Management (<a href="https://positive-intentions.com/blog/async-state-management" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">positive-intentions.com/blog/a</span><span class="invisible">sync-state-management</span></a>), I’m extending it to support encrypted persistent data. Here's how:</p><p>✨ The Approach:</p><p>Using IndexedDB for storage.</p><p>Data is encrypted before saving and decrypted when loading using the Browser Cryptography API.</p><p>Event listeners will also be encrypted/decrypted to avoid issues like browser extensions snooping on events.</p><p>The password (should never be stored) is entered by the user at runtime to decrypt the data. (Currently hardcoded for now!)</p><p>The salt will be stored unencrypted in IndexedDB to generate the key.</p><p>🔗 Proof of Concept:<br>You can try it out here: GitHub PR (<a href="https://github.com/positive-intentions/dim/pull/8" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/positive-intentions</span><span class="invisible">/dim/pull/8</span></a>). Clone or run it in Codespaces and let me know what you think!</p><p>❓ Looking for Feedback:<br>Have I missed anything? Are there better ways to make this storage secure?</p><p>Let's make secure web UIs a reality together! 🔒</p><p><a href="https://infosec.exchange/tags/JavaScript" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>JavaScript</span></a> <a href="https://infosec.exchange/tags/Encryption" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Encryption</span></a> <a href="https://infosec.exchange/tags/IndexedDB" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IndexedDB</span></a> <a href="https://infosec.exchange/tags/WebDevelopment" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WebDevelopment</span></a> <a href="https://infosec.exchange/tags/CryptoAPI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CryptoAPI</span></a> <a href="https://infosec.exchange/tags/FrontendDev" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FrontendDev</span></a> <a href="https://infosec.exchange/tags/ReactHooks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ReactHooks</span></a> <a href="https://infosec.exchange/tags/StateManagement" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>StateManagement</span></a> <a href="https://infosec.exchange/tags/WebSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WebSecurity</span></a> <a href="https://infosec.exchange/tags/OpenSource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenSource</span></a> <a href="https://infosec.exchange/tags/PersonalProjects" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PersonalProjects</span></a></p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://mstdn.social/@rysiek" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>rysiek</span></a></span> <a href="https://infosec.space/tags/Microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Microsoft</span></a> blaming the <a href="https://infosec.space/tags/EU" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>EU</span></a> for <a href="https://infosec.space/tags/CrowdStrike" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CrowdStrike</span></a> when the most affected customers are <a href="https://infosec.space/tags/Airlines" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Airlines</span></a> from the <a href="https://infosec.space/tags/USA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>USA</span></a> that don't eben service Airports in <a href="https://infosec.space/tags/Europe" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Europe</span></a> <em>at all</em> is the biggest <em>insult to the intellect of everyone</em> since they denied <a href="https://infosec.space/tags/_NSAKEY" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>_NSAKEY</span></a> and their <a href="https://infosec.space/tags/CryptoAPI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CryptoAPI</span></a> <a href="https://infosec.space/tags/backdoor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>backdoor</span></a>:</p><p><a href="https://github.com/kkarhan/windows-ca-backdoor-fix" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/kkarhan/windows-ca-</span><span class="invisible">backdoor-fix</span></a></p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@malwaretech" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>malwaretech</span></a></span> thanks for adding another legendary <a href="https://infosec.space/tags/ITsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ITsec</span></a> <a href="https://infosec.space/tags/fuckup" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>fuckup</span></a> by <a href="https://infosec.space/tags/Microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Microsoft</span></a> to the long list of *"<a href="https://infosec.space/tags/WontFix" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WontFix</span></a>" <a href="https://infosec.space/tags/Exploits" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Exploits</span></a> that prevent me from even touching <a href="https://infosec.space/tags/Windows" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Windows</span></a> at all...</p><p>If a literal <a href="https://infosec.space/tags/Govware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Govware</span></a> <a href="https://infosec.space/tags/Backdoor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Backdoor</span></a> in the <a href="https://infosec.space/tags/CryptoAPI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CryptoAPI</span></a> <a href="https://github.com/kkarhan/windows-ca-backdoor-fix" rel="nofollow noopener noreferrer" target="_blank">wasn't worse enough already</a>...</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@bojkotiMalbona" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>bojkotiMalbona</span></a></span> <span class="h-card" translate="no"><a href="https://mas.to/@diebarschlampe" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>diebarschlampe</span></a></span> <span class="h-card" translate="no"><a href="https://hackers.town/@lmorchard" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>lmorchard</span></a></span> <span class="h-card" translate="no"><a href="https://linuxmom.net/@vkc" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>vkc</span></a></span> <em>nodds in agreement</em></p><p>I hate the <a href="https://infosec.space/tags/GAFAM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GAFAM</span></a>-driven <a href="https://infosec.space/tags/Enshittification" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Enshittification</span></a> and the <a href="https://infosec.space/tags/Microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Microsoft</span></a> tech stack.</p><ul><li>I can accept it when someone needs something specific, but <em>every single time</em> I asked people who claimed they need i.e. <a href="https://infosec.space/tags/Excel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Excel</span></a> they refused to tell me what they use it for or what function they need <a href="https://infosec.space/tags/LibreOffice" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LibreOffice</span></a> doesn't offer them.</li></ul><p>I get hired and paid to prevent <a href="https://infosec.space/tags/LockIn" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LockIn</span></a> effects and to enshure <a href="https://infosec.space/tags/ITsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ITsec</span></a> is up to code, but that necessitates not surrendering to <a href="https://infosec.space/tags/PRISM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PRISM</span></a>-Collaborators and <a href="https://infosec.space/tags/Govware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Govware</span></a> integrators...</p><ul><li>As shitty as <a href="https://infosec.space/tags/IBM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IBM</span></a> & <a href="https://infosec.space/tags/RedHat" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RedHat</span></a> are, <a href="https://infosec.space/tags/RHEL" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RHEL</span></a> at least doesn't come with a <a href="https://infosec.space/tags/backdoored" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>backdoored</span></a> <a href="https://infosec.space/tags/CryptoAPI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CryptoAPI</span></a> that they refuse to acknowledge or fix - unlike <a href="https://infosec.space/tags/Windows" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Windows</span></a>!<a href="https://github.com/kkarhan/windows-ca-backdoor-fix" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/kkarhan/windows-ca-</span><span class="invisible">backdoor-fix</span></a></li></ul>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@happygeek" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>happygeek</span></a></span> <em>Morpheus Voice</em> "What if I told you it *never*was safe to begin with?</p><p>Cuz <a href="https://infosec.space/tags/Microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Microsoft</span></a> not only is a <a href="https://infosec.space/tags/PRISM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PRISM</span></a> collaborator but also knowingly leaves <a href="https://infosec.space/tags/Govware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Govware</span></a> <a href="https://infosec.space/tags/Backdoors" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Backdoors</span></a> open and refuses to fix known issues.</p><ul><li>Like the <a href="https://infosec.space/tags/CryptoAPI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CryptoAPI</span></a> <a href="https://infosec.space/tags/backdoor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>backdoor</span></a> that is <a href="https://www.heise.de/ct/ausgabe/2013-17-Zweifelhafte-Updates-gefaehrden-SSL-Verschluesselung-2317589.html" rel="nofollow noopener noreferrer" target="_blank">> 11 years old now</a>...</li></ul><p>And the only <em>"<a href="https://github.com/kkarhan/windows-ca-backdoor-fix/" rel="nofollow noopener noreferrer" target="_blank">fix</a>"</em> isn't even persistent but easy to backroll by <a href="https://infosec.space/tags/WindowsUpdate" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WindowsUpdate</span></a> or it's subsystem...</p><p>It doesn't even require elevated privilegues on the machine to exploit, just malformed / hijacked <a href="https://infosec.space/tags/DNS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DNS</span></a> as Microsoft doesn't check it's <a href="https://infosec.space/tags/SSL" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SSL</span></a> <a href="https://infosec.space/tags/Certificate" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Certificate</span></a> updates for <a href="https://infosec.space/tags/integrity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>integrity</span></a> or <a href="https://infosec.space/tags/signatures" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>signatures</span></a> <em>at all</em>...</p>
Kevin Karhan :verified:<p>And if you think <a href="https://infosec.space/tags/BanJS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BanJS</span></a> is too radical then ask the people of <span class="h-card" translate="no"><a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>torproject</span></a></span> why they banned <a href="https://infosec.space/tags/JavaScript" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>JavaScript</span></a> in it...</p><ul><li>It think <a href="https://infosec.space/tags/JS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>JS</span></a> is a <em>'net negative'</em> to the world and deserves to be banned right after <a href="https://infosec.space/tags/Windows" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Windows</span></a> amd espechally <a href="https://infosec.space/tags/WindowsServer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WindowsServer</span></a>, because those are just vile <a href="https://infosec.space/tags/Govware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Govware</span></a> that should be outlawed since <a href="https://infosec.space/tags/PRISM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PRISM</span></a> & <a href="https://infosec.space/tags/EthernalBlue" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>EthernalBlue</span></a> and the <a href="https://infosec.space/tags/CryptoAPI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CryptoAPI</span></a> <a href="https://infosec.space/tags/backdoor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>backdoor</span></a> <a href="http://github.com/kkarhan/windows-ca-backdoor-fix" rel="nofollow noopener noreferrer" target="_blank">got public</a>! </li></ul><p>I mean, how long will y'all just accept being abused, lied and being gaslit by <a href="https://infosec.space/tags/Microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Microsoft</span></a> in specific amd <a href="https://infosec.space/tags/GAFAMs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GAFAMs</span></a> in general???</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://cyberplace.social/@GossiTheDog" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>GossiTheDog</span></a></span> OFC there is - Microsoft still keeps their own <a href="https://infosec.space/tags/CryptoAPI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CryptoAPI</span></a> <a href="https://infosec.space/tags/backdoored" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>backdoored</span></a> to this day...</p><p>Not shure if <a href="http://github.com/kkarhan/windows-ca-backdoor-fix" rel="nofollow noopener noreferrer" target="_blank">a fix</a> even works anymore amd since I'm 100% <a href="https://infosec.space/tags/Windows" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Windows</span></a>-free I'd rather drink a bottle of vinegar or snort a line of soda than ever touching that cursed <a href="https://infosec.space/tags/Govware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Govware</span></a> ever again in my life...</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://social.cologne/@md" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>md</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.social/@bkastl" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>bkastl</span></a></span> außer es ist halt <a href="https://infosec.space/tags/Govware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Govware</span></a> von <a href="https://infosec.space/tags/Microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Microsoft</span></a> wie <a href="https://infosec.space/tags/Windows" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Windows</span></a>...</p><p>Da ist das Betriebssystem unfixbar kaputt...</p><p><a href="https://github.com/kkarhan/windows-ca-backdoor-fix" rel="nofollow noopener noreferrer" target="_blank">Egal ob</a> <a href="https://infosec.space/tags/CryptoAPI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CryptoAPI</span></a> <a href="https://github.com/xaitax/TotalRecall" rel="nofollow noopener noreferrer" target="_blank">oder</a> <a href="https://infosec.space/tags/Recall" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Recall</span></a> oder <a href="https://infosec.space/tags/CensorBoot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CensorBoot</span></a> <a href="https://gist.github.com/acepace/df34b5213f1e0fae6529eb703d947187" rel="nofollow noopener noreferrer" target="_blank">aka.</a> <a href="https://github.com/lgibson02/GoldenKeysUSB" rel="nofollow noopener noreferrer" target="_blank"><em>"Secure Boot"</em></a>... </p><p>Und die <a href="https://infosec.space/tags/CDU" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CDU</span></a> <a href="https://infosec.space/@kkarhan/112641907638340663" rel="nofollow noopener noreferrer" target="_blank">hat alle kompetenten Leute vergrault</a>...</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://haunted.computer/@chompie1337" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>chompie1337</span></a></span> I guess yu should just put it up on <a href="https://infosec.space/tags/GitHub" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GitHub</span></a> and taunt <a href="https://infosec.space/tags/Microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Microsoft</span></a> with the communications unredacted and in full lenght as part of the documentation.</p><ul><li>After all, they can't he assed to fix the <a href="https://infosec.space/tags/CryptoAPI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CryptoAPI</span></a> <a href="https://infosec.space/tags/backdoor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>backdoor</span></a> since <a href="https://infosec.space/tags/WindowsXP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WindowsXP</span></a> anyway...</li></ul>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://awscommunity.social/@Quinnypig" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>Quinnypig</span></a></span> the sheer fact that <a href="https://infosec.space/tags/Microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Microsoft</span></a> and <a href="https://infosec.space/tags/Windows11" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Windows11</span></a> ain't banned across the <a href="https://infosec.space/tags/EU" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>EU</span></a> to this day is an indictment to the <a href="https://infosec.space/tags/TechIlliteracy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TechIlliteracy</span></a> of politicans in the <span class="h-card" translate="no"><a href="https://ec.social-network.europa.eu/@EUCommission" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>EUCommission</span></a></span> & <span class="h-card" translate="no"><a href="https://respublicae.eu/@europarl_en" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>europarl_en</span></a></span> despite</p><ul><li><a href="https://infosec.space/tags/PRISM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PRISM</span></a></li><li><a href="https://infosec.space/tags/GoldenKeyBoot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GoldenKeyBoot</span></a> (aka. <a href="https://infosec.space/tags/CensorBoot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CensorBoot</span></a> got owned!)</li><li><a href="https://infosec.space/tags/CryptoAPI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CryptoAPI</span></a> <a href="https://infosec.space/tags/backdoors" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>backdoors</span></a> <a href="https://github.com/kkarhan/windows-ca-backdoor-fix" rel="nofollow noopener noreferrer" target="_blank">they refuse to acknowledge or fix at all</a>!</li><li><a href="https://infosec.space/tags/CloudAct" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CloudAct</span></a></li><li>Unwillingness to comply with <a href="https://infosec.space/tags/GDPR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GDPR</span></a> out if the box</li></ul><p>and now</p><ul><li><a href="https://infosec.space/tags/Recall" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Recall</span></a> aka. the worst disguised <a href="https://infosec.space/tags/Govware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Govware</span></a> / <a href="https://infosec.space/tags/Spyware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Spyware</span></a> in existance that allows anyone to <a href="https://github.com/xaitax/TotalRecall" rel="nofollow noopener noreferrer" target="_blank">simply extract credentials</a> without the need to install a <a href="https://infosec.space/tags/Keylogger" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Keylogger</span></a>, <a href="https://infosec.space/tags/ScreenRecorder" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ScreenRecorder</span></a> and/or commit <a href="https://infosec.space/tags/ProvilegueEscalatiom" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ProvilegueEscalatiom</span></a> successfully <em>at all</em>...</li></ul><p>And since <span class="h-card" translate="no"><a href="https://cyberplace.social/@GossiTheDog" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>GossiTheDog</span></a></span> managed to get it running on a system w/o <em>"<a href="https://infosec.space/tags/AI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AI</span></a>" acceleration</em> aka. <em>"<a href="https://infosec.space/tags/NPU" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NPU</span></a>"</em> it's safe to assume that it'll be perfectly possible to retroactively shove it down everyones' throats without recourse!</p><ul><li>Actually there are options for recourse besides <em>"<a href="https://infosec.space/tags/ThoughtsAndPrayers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ThoughtsAndPrayers</span></a>"</em> that regulators like <span class="h-card" translate="no"><a href="https://social.bund.de/@bsi" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>bsi</span></a></span> would actually take this seriously: </li></ul><p>Like: <em>Stop using <a href="https://infosec.space/tags/Windows" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Windows</span></a> and <a href="https://www.youtube.com/watch?v=PkKfV0ATrH4" rel="nofollow noopener noreferrer" target="_blank">get some help</a> migrating away from it to a good <a href="https://infosec.space/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linux</span></a> distro!</em></p><p><a href="https://infosec.space/tags/WhatYouAllowIsWhatWillContinue" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WhatYouAllowIsWhatWillContinue</span></a></p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://hachyderm.io/@evacide" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>evacide</span></a></span> I don't believe a single.sillable of that shite - not since they did even worse shite in the past, like <a href="http://github.com/kkarhan/windows-ca-backdoor-fix" rel="nofollow noopener noreferrer" target="_blank">backdooring</a> the <a href="https://infosec.space/tags/CryptoAPI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CryptoAPI</span></a> of <a href="https://infosec.space/tags/Windows" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Windows</span></a>...</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://mastodon.social/@fradie_new" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>fradie_new</span></a></span> wer so todeslost ist, der darf auch keine Webseiten nutzen die irgendeine <a href="https://infosec.space/tags/FLOSS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FLOSS</span></a>'te <a href="https://infosec.space/tags/SSL" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SSL</span></a>-Bibliothek nutzt...</p><ul><li>Viel erfolg, denn effektiv nutzen alle <a href="https://infosec.space/tags/OpenSSL" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenSSL</span></a> oder andere <a href="https://infosec.space/tags/OpenSource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenSource</span></a>-lizensierten Varianten!</li></ul><p>Wenn überhaupt ist <a href="https://infosec.space/tags/CCSS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CCSS</span></a> gämzlich zu misstrauen...<br>Vorallem in Sachen <a href="https://infosec.space/tags/Sicherheit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Sicherheit</span></a>...</p><ul><li>Siehe <a href="https://infosec.space/tags/Windows" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Windows</span></a> <a href="https://infosec.space/tags/CryptoAPI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CryptoAPI</span></a> als <a href="https://infosec.space/tags/Govware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Govware</span></a>-<a href="https://infosec.space/tags/Backdoor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Backdoor</span></a> in <a href="https://github.com/kkarhan/windows-ca-backdoor-fix" rel="nofollow noopener noreferrer" target="_blank">Windows</a>!</li></ul>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://grimgreenfo.rest/@SweetCoffy" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>SweetCoffy</span></a></span> <em>nodds in agreement</em></p><p>It"s a shitty <a href="https://infosec.space/tags/Govware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Govware</span></a> full of <a href="https://infosec.space/tags/Backdiors" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Backdiors</span></a>, like it's <a href="https://infosec.space/tags/CryptoAPI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CryptoAPI</span></a>!</p><p><a href="https://github.com/kkarhan/windows-ca-backdoor-fix" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/kkarhan/windows-ca-</span><span class="invisible">backdoor-fix</span></a></p>
SearchLive feeds
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
Create accountLoginDrag & drop to upload