#DV
Anna<p>In case it was missed in the post above, this is my updated article:</p><p>👉 <a href="https://www.thecanary.co/global/world-analysis/2025/04/01/anna-severe-me-cfs/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">thecanary.co/global/world-anal</span><span class="invisible">ysis/2025/04/01/anna-severe-me-cfs/</span></a></p><p>My doctor predicts I will die if I don’t leave soon. </p><p>I need a solid, safe, home I can go to and recover to at least a stable baseline. It’s not full recovery, but it’s better than a slow death.</p><p>Help please 🙏 </p><p><a href="https://aus.social/tags/PwME" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PwME</span></a> <a href="https://aus.social/tags/LongCovid" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LongCovid</span></a> <a href="https://aus.social/tags/MECFS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MECFS</span></a> <a href="https://aus.social/tags/Hypothyroidism" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Hypothyroidism</span></a> <a href="https://aus.social/tags/ChronicIllness" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ChronicIllness</span></a> <a href="https://aus.social/tags/Neisvoid" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Neisvoid</span></a> <a href="https://aus.social/tags/Abuse" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Abuse</span></a> <a href="https://aus.social/tags/Housing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Housing</span></a> <a href="https://aus.social/tags/Dysautonomia" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Dysautonomia</span></a> <a 
href="https://aus.social/tags/SocialWork" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SocialWork</span></a> <a href="https://aus.social/tags/MedMastodon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MedMastodon</span></a> <a href="https://aus.social/tags/PWLC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PWLC</span></a> <a href="https://aus.social/tags/MutualAid" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MutualAid</span></a> <br><a href="https://aus.social/tags/HumanRights" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HumanRights</span></a> <a href="https://aus.social/tags/Press" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Press</span></a> <a href="https://aus.social/tags/Housing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Housing</span></a> <a href="https://aus.social/tags/Journalism" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Journalism</span></a> <a href="https://aus.social/tags/MECFS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MECFS</span></a> <a href="https://aus.social/tags/SevereME" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SevereME</span></a> <a href="https://aus.social/tags/Abuse" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Abuse</span></a> <a href="https://aus.social/tags/Neglect" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Neglect</span></a> <a href="https://aus.social/tags/MutualAid" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MutualAid</span></a> <a href="https://aus.social/tags/Narcissist" class="mention hashtag" rel="nofollow noopener noreferrer" 
target="_blank">#<span>Narcissist</span></a> <a href="https://aus.social/tags/Psychopath" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Psychopath</span></a> <a href="https://aus.social/tags/MCAS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MCAS</span></a> <a href="https://aus.social/tags/MCAD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MCAD</span></a> <a href="https://aus.social/tags/Endometriosis" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Endometriosis</span></a> <a href="https://aus.social/tags/ChronicPain" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ChronicPain</span></a> <a href="https://aus.social/tags/CostOfLivingCrisis" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CostOfLivingCrisis</span></a> <a href="https://aus.social/tags/Melbourne" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Melbourne</span></a> <a href="https://aus.social/tags/Australia" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Australia</span></a> <a href="https://aus.social/tags/DomesticAbuse" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DomesticAbuse</span></a> <a href="https://aus.social/tags/DV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DV</span></a></p><p><span class="h-card" translate="no"><a href="https://a.gup.pe/u/chronicillness" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>chronicillness</span></a></span> <span class="h-card" translate="no"><a href="https://a.gup.pe/u/longcovid" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>longcovid</span></a></span> <span class="h-card" translate="no"><a href="https://a.gup.pe/u/neisvoid" class="u-url mention" 
rel="nofollow noopener noreferrer" target="_blank">@<span>neisvoid</span></a></span> <br><span class="h-card" translate="no"><a href="https://a.gup.pe/u/disabilityjustice" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>disabilityjustice</span></a></span> <br><span class="h-card" translate="no"><a href="https://a.gup.pe/u/disability" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>disability</span></a></span> <span class="h-card" translate="no"><a href="https://a.gup.pe/u/socialwork" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>socialwork</span></a></span> <br><span class="h-card" translate="no"><a href="https://a.gup.pe/u/dysautonomia" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>dysautonomia</span></a></span> <span class="h-card" translate="no"><a href="https://a.gup.pe/u/mutualaid" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>mutualaid</span></a></span> <br><span class="h-card" translate="no"><a href="https://a.gup.pe/u/mecfs" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>mecfs</span></a></span> <br><span class="h-card" translate="no"><a href="https://a.gup.pe/u/chronicpain" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>chronicpain</span></a></span> <br><span class="h-card" translate="no"><a href="https://a.gup.pe/u/mcas" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>mcas</span></a></span> <br><span class="h-card" translate="no"><a href="https://a.gup.pe/u/australia" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>australia</span></a></span> <br><span class="h-card" translate="no"><a href="https://a.gup.pe/u/melbourne" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>melbourne</span></a></span></p>
Erik van Straten<p><span class="h-card" translate="no"><a href="https://mastodon.ar.al/@aral" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>aral</span></a></span> :</p><p>I don't want to pay a cent. Neither donate, nor via taxes.</p><p><a href="https://infosec.exchange/@ErikvanStraten/114227977082449887" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@ErikvanStrat</span><span class="invisible">en/114227977082449887</span></a></p><p><span class="h-card" translate="no"><a href="https://mstdn.social/@TheDutchChief" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>TheDutchChief</span></a></span> <span class="h-card" translate="no"><a href="https://ec.social-network.europa.eu/@EUCommission" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>EUCommission</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@letsencrypt" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>letsencrypt</span></a></span> <span class="h-card" translate="no"><a href="https://social.nlnet.nl/@nlnet" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>nlnet</span></a></span> </p><p><a href="https://infosec.exchange/tags/Authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authentication</span></a> <a href="https://infosec.exchange/tags/Impersonation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Impersonation</span></a> <a href="https://infosec.exchange/tags/Spoofing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Spoofing</span></a> <a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Phishing</span></a> <a 
href="https://infosec.exchange/tags/DV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DV</span></a> <a href="https://infosec.exchange/tags/GoogleIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GoogleIsEvil</span></a> <a href="https://infosec.exchange/tags/BigTechIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BigTechIsEvil</span></a> <a href="https://infosec.exchange/tags/Certificates" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Certificates</span></a> <a href="https://infosec.exchange/tags/httpsVShttp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>httpsVShttp</span></a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AitM</span></a> <a href="https://infosec.exchange/tags/MitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MitM</span></a> <a href="https://infosec.exchange/tags/FakeWebsites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FakeWebsites</span></a> <a href="https://infosec.exchange/tags/CloudflareIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CloudflareIsEvil</span></a> <a href="https://infosec.exchange/tags/bond" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bond</span></a> <a href="https://infosec.exchange/tags/dotBond" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dotBond</span></a> <a href="https://infosec.exchange/tags/Spam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Spam</span></a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Infosec</span></a> <a 
href="https://infosec.exchange/tags/Ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Ransomware</span></a> <a href="https://infosec.exchange/tags/Banks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Banks</span></a> <a href="https://infosec.exchange/tags/CloudflareIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CloudflareIsEvil</span></a> <a href="https://infosec.exchange/tags/FakeWebsites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FakeWebsites</span></a></p>
Erik van Straten<p><span class="h-card" translate="no"><a href="https://mastodon.ar.al/@aral" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>aral</span></a></span> : most Let's Encrypt (and other Domain Validated) certificates are issued to junk- or plain criminal websites.</p><p>They're the ultimate manifestation of evil big tech.</p><p>They were introduced to encrypt the "last mile" because Internet Service Providers were replacing ads in webpages and, in the other direction, inserting fake clicks.</p><p>DV has destroyed the internet. People lose their ebank savings and companies get ransomwared; phishing is dead simple. EDIW/EUDIW will become an identity fraud disaster (because of AitM phishing attacks).</p><p>Even the name "Let's Encrypt" is wrong for a CSP: nobody needs a certificate to encrypt a connection. The primary purpose of a certificate is AUTHENTICATION (of the owner of the private key, in this case the website).</p><p>However, for human beings, just a domain name simply does not provide reliable identification information. It renders impersonation a piece of cake.</p><p>Decent online authentication is HARD. Get used to it instead of denying it.</p><p>REASONS/EXAMPLES</p><p>🔹 Troy Hunt fell in the DV trap: <a href="https://infosec.exchange/@ErikvanStraten/114222237036021070" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@ErikvanStrat</span><span class="invisible">en/114222237036021070</span></a></p><p>🔹 Google (and Troy Hunt!) killed non-DV certs (for profit) because of the stripe.com PoC. 
Now Chrome does not give you any more info than what Google argued: <a href="https://infosec.exchange/@ErikvanStraten/114224682101772569" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@ErikvanStrat</span><span class="invisible">en/114224682101772569</span></a></p><p>🔹 https:⧸⧸cancel-google.com/captcha was live yesterday: <a href="https://infosec.exchange/@ErikvanStraten/114224264440704546" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@ErikvanStrat</span><span class="invisible">en/114224264440704546</span></a></p><p>🔹 Stop phishing proposal: <a href="https://infosec.exchange/@ErikvanStraten/113079966331873386" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@ErikvanStrat</span><span class="invisible">en/113079966331873386</span></a></p><p>🔹 Lots of reasons why LE sucks:<br><a href="https://infosec.exchange/@ErikvanStraten/112914047006977222" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@ErikvanStrat</span><span class="invisible">en/112914047006977222</span></a> (corrected link 09:20 UTC)</p><p>🔹 This website stopped registering junk .bond domain names, probably because there were too many every day (the last page I found): <a href="https://newly-registered-domains.abtdomain.com/2024-08-15-bond-newly-registered-domains-part-1/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">newly-registered-domains.abtdo</span><span class="invisible">main.com/2024-08-15-bond-newly-registered-domains-part-1/</span></a>. 
However, this gang is still active, open the RELATIONS tab in <a href="https://www.virustotal.com/gui/ip-address/13.248.197.209/relations" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">virustotal.com/gui/ip-address/</span><span class="invisible">13.248.197.209/relations</span></a>. You have to multiply the number of LE certs by approx. 5 because they also register subdomains and don't use wildcard certs. Source: <a href="https://www.bleepingcomputer.com/news/security/revolver-rabbit-gang-registers-500-000-domains-for-malware-campaigns/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/revolver-rabbit-gang-registers-500-000-domains-for-malware-campaigns/</span></a></p><p><span class="h-card" translate="no"><a href="https://ec.social-network.europa.eu/@EUCommission" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>EUCommission</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@letsencrypt" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>letsencrypt</span></a></span> <span class="h-card" translate="no"><a href="https://social.nlnet.nl/@nlnet" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>nlnet</span></a></span> </p><p><a href="https://infosec.exchange/tags/Authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authentication</span></a> <a href="https://infosec.exchange/tags/Impersonation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Impersonation</span></a> <a href="https://infosec.exchange/tags/Spoofing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Spoofing</span></a> <a 
href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Phishing</span></a> <a href="https://infosec.exchange/tags/DV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DV</span></a> <a href="https://infosec.exchange/tags/GoogleIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GoogleIsEvil</span></a> <a href="https://infosec.exchange/tags/BigTechIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BigTechIsEvil</span></a> <a href="https://infosec.exchange/tags/Certificates" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Certificates</span></a> <a href="https://infosec.exchange/tags/httpsVShttp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>httpsVShttp</span></a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AitM</span></a> <a href="https://infosec.exchange/tags/MitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MitM</span></a> <a href="https://infosec.exchange/tags/FakeWebsites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FakeWebsites</span></a> <a href="https://infosec.exchange/tags/CloudflareIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CloudflareIsEvil</span></a> <a href="https://infosec.exchange/tags/bond" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bond</span></a> <a href="https://infosec.exchange/tags/dotBond" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dotBond</span></a> <a href="https://infosec.exchange/tags/Spam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Spam</span></a> <a 
href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Infosec</span></a> <a href="https://infosec.exchange/tags/Ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Ransomware</span></a> <a href="https://infosec.exchange/tags/Banks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Banks</span></a> <a href="https://infosec.exchange/tags/CloudflareIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CloudflareIsEvil</span></a> <a href="https://infosec.exchange/tags/FakeWebsites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FakeWebsites</span></a></p>
Erik van Straten<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@lewiray" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>lewiray</span></a></span> : phishing can and should be mitigated.</p><p>See <a href="https://infosec.exchange/@ErikvanStraten/114222237036021070" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@ErikvanStrat</span><span class="invisible">en/114222237036021070</span></a> and (I just wrote this) <a href="https://infosec.exchange/@ErikvanStraten/114224682101772569" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@ErikvanStrat</span><span class="invisible">en/114224682101772569</span></a>.</p><p><span class="h-card" translate="no"><a href="https://infosec.exchange/@haveibeenpwned" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>haveibeenpwned</span></a></span> </p><p><a href="https://infosec.exchange/tags/DV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DV</span></a> <a href="https://infosec.exchange/tags/Browsers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Browsers</span></a> <a href="https://infosec.exchange/tags/BigTechIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BigTechIsEvil</span></a> <a href="https://infosec.exchange/tags/GoogleIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GoogleIsEvil</span></a> <a href="https://infosec.exchange/tags/CloudflareIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CloudflareIsEvil</span></a></p>
Erik van Straten<p><span class="h-card" translate="no"><a href="https://troet.cafe/@rohare" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>rohare</span></a></span> : phishing can and should be mitigated.</p><p>See <a href="https://infosec.exchange/@ErikvanStraten/114222237036021070" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@ErikvanStrat</span><span class="invisible">en/114222237036021070</span></a>.</p><p><span class="h-card" translate="no"><a href="https://infosec.exchange/@haveibeenpwned" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>haveibeenpwned</span></a></span> </p><p><a href="https://infosec.exchange/tags/DV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DV</span></a> <a href="https://infosec.exchange/tags/Browsers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Browsers</span></a> <a href="https://infosec.exchange/tags/BigTechIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BigTechIsEvil</span></a> <a href="https://infosec.exchange/tags/GoogleIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GoogleIsEvil</span></a> <a href="https://infosec.exchange/tags/CloudflareIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CloudflareIsEvil</span></a></p>
Erik van Straten<p><span class="h-card" translate="no"><a href="https://mastodon.social/@BjornW" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>BjornW</span></a></span> :</p><p>I've stopped doing that after a lot of people called me an idiot and a liar if I kindly notified them. I stopped, I'll get scolded anyway.</p><p>Big tech and most admins want everyone to believe that "Let's Encrypt" is the only goal. Nearly 100% of tech people believe that.</p><p>And admins WANT to believe that, because reliable authentication of website owners is a PITA. They just love ACME and tell their website visitors to GFY.</p><p>People like you tooting nonsense get a lot of boosts. It's called fake news or big tech propaganda. If you know better, why don't you WRITE BETTER?</p><p>It has ruined the internet. Not for phun but purely for profit. And it is what ruins people's lives and lets employees open the door for ransomware and data-theft.</p><p>See also <a href="https://infosec.exchange/@ErikvanStraten/112914047006977222" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@ErikvanStrat</span><span class="invisible">en/112914047006977222</span></a> (and, in Dutch, <a href="https://security.nl/posting/881296" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">security.nl/posting/881296</span><span class="invisible"></span></a>).</p><p><span class="h-card" translate="no"><a href="https://infosec.exchange/@troyhunt" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>troyhunt</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@letsencrypt" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>letsencrypt</span></a></span> </p><p><a href="https://infosec.exchange/tags/DV" class="mention hashtag" 
rel="nofollow noopener noreferrer" target="_blank">#<span>DV</span></a> <a href="https://infosec.exchange/tags/Impersonation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Impersonation</span></a> <a href="https://infosec.exchange/tags/AnonymousCertificates" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AnonymousCertificates</span></a> <a href="https://infosec.exchange/tags/Authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authentication</span></a> <a href="https://infosec.exchange/tags/LetsAuthenticate" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LetsAuthenticate</span></a> <a href="https://infosec.exchange/tags/BigTechIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BigTechIsEvil</span></a> <a href="https://infosec.exchange/tags/GoogleIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GoogleIsEvil</span></a> <a href="https://infosec.exchange/tags/CloudflareIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CloudflareIsEvil</span></a> <a href="https://infosec.exchange/tags/LetsEncrypt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LetsEncrypt</span></a> <a href="https://infosec.exchange/tags/Identity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Identity</span></a> <a href="https://infosec.exchange/tags/Authenticity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authenticity</span></a> <a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Phishing</span></a> <a href="https://infosec.exchange/tags/Spoofing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Spoofing</span></a> <a 
href="https://infosec.exchange/tags/CyberCrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberCrime</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AitM</span></a> <a href="https://infosec.exchange/tags/MitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MitM</span></a> <a href="https://infosec.exchange/tags/Weak2FA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Weak2FA</span></a> <a href="https://infosec.exchange/tags/WeakMFA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WeakMFA</span></a> <a href="https://infosec.exchange/tags/DVcerts" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DVcerts</span></a> <a href="https://infosec.exchange/tags/Certificates" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Certificates</span></a> <a href="https://infosec.exchange/tags/ACME" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ACME</span></a> <a href="https://infosec.exchange/tags/USdependencies" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>USdependencies</span></a> <a href="https://infosec.exchange/tags/USdependency" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>USdependency</span></a> <a href="https://infosec.exchange/tags/USdependent" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>USdependent</span></a> <a href="https://infosec.exchange/tags/USAdependencies" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>USAdependencies</span></a> <a 
href="https://infosec.exchange/tags/USAdependency" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>USAdependency</span></a> <a href="https://infosec.exchange/tags/USAdependent" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>USAdependent</span></a></p>
Erik van Straten<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@troyhunt" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>troyhunt</span></a></span> : if we open a website that we've never visited before, we need browsers to show us all available details about that website, and warn us if such details are not available.</p><p>We also need better (readable) certificates identifying the responsible / accountable party for a website.</p><p>We have been lied to that anonymous DV certificates are a good idea *also* for websites we need to trust. It's a hoax.</p><p>Important: certificates never directly warrant the trustworthiness of a website. They're about authenticity, which includes knowing who the owner is and in which country they are located. This helps ensure that you can sue them (or not, if in e.g. Russia) which *indirectly* makes better identifiable websites more reliable.</p><p>More info in <a href="https://infosec.exchange/@ErikvanStraten/113079966331873386" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@ErikvanStrat</span><span class="invisible">en/113079966331873386</span></a> (see also <a href="https://crt.sh/?Identity=mailchimp-sso.com" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">crt.sh/?Identity=mailchimp-sso</span><span class="invisible">.com</span></a>).</p><p>Note: most people do not understand certificates, like <span class="h-card" translate="no"><a href="https://mastodon.social/@BjornW" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>BjornW</span></a></span> in <a href="https://mastodon.social/@BjornW/114064065891034415" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span 
class="ellipsis">mastodon.social/@BjornW/114064</span><span class="invisible">065891034415</span></a>:<br>❝<br><span class="h-card" translate="no"><a href="https://infosec.exchange/@letsencrypt" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>letsencrypt</span></a></span> offers certificates to encrypt the traffic between a website &amp; your browser.<br>❞<br>2x wrong.</p><p>A TLS v1.3 connection is encrypted before the website sends their certificate, which is used only for *authentication* of the website (using a digital signature over unguessable secret TLS connection parameters). A cert binds the domain name to a public key, and the website proves possession of the associated private key.</p><p>However, for people a domain name simply does not suffice for reliable identification. People need more info in the certificate and it should be shown to them when it changes.</p><p>Will you please help me get this topic seriously on the public agenda?</p><p>Edited 09:15 UTC to add: tap "Alt" in the images for details.</p><p><a href="https://infosec.exchange/tags/DVcerts" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DVcerts</span></a> <a href="https://infosec.exchange/tags/Authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authentication</span></a> <a href="https://infosec.exchange/tags/Impersonation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Impersonation</span></a> <a href="https://infosec.exchange/tags/Spoofing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Spoofing</span></a> <a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Phishing</span></a> <a href="https://infosec.exchange/tags/DV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DV</span></a> <a 
href="https://infosec.exchange/tags/GoogleIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GoogleIsEvil</span></a> <a href="https://infosec.exchange/tags/BigTechIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BigTechIsEvil</span></a> <a href="https://infosec.exchange/tags/Certificates" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Certificates</span></a> <a href="https://infosec.exchange/tags/httpsVShttp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>httpsVShttp</span></a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AitM</span></a> <a href="https://infosec.exchange/tags/MitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MitM</span></a> <a href="https://infosec.exchange/tags/FakeWebsites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FakeWebsites</span></a> <a href="https://infosec.exchange/tags/CloudflareIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CloudflareIsEvil</span></a></p>
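Added example, not part of the post above: one way a client could surface the identity fields of a certificate and report when they change between visits to the same site. It works on the dictionary that Python's `ssl.SSLSocket.getpeercert()` returns; the two certificates, the site name `bank.example` and the CA names are constructed sample data, and classifying by subject fields is a heuristic assumption (the authoritative marker is the certificate policy OID, which `getpeercert()` does not expose).

```python
# Added example: summarise who a certificate identifies and flag changes.
# Input format: the dict returned by ssl.SSLSocket.getpeercert().

LEVELS = ["domain-only", "OV-like", "EV-like"]  # ordered weakest to strongest
EV_ONLY = ("businessCategory", "serialNumber", "jurisdictionCountryName")


def flatten(name):
    """getpeercert() gives a name as a tuple of RDNs, each a tuple of (key, value)."""
    flat = {}
    for rdn in name:
        for key, value in rdn:
            flat.setdefault(key, value)
    return flat


def identity_summary(cert):
    """Reduce a certificate to the fields that say who is accountable for the site."""
    subject = flatten(cert.get("subject", ()))
    issuer = flatten(cert.get("issuer", ()))
    if not subject.get("organizationName"):
        level = "domain-only"      # typical DV subject: at most a commonName
    elif all(subject.get(field) for field in EV_ONLY):
        level = "EV-like"          # organisation plus registration details
    else:
        level = "OV-like"          # organisation named, no registration details
    return {
        "level": level,
        "organization": subject.get("organizationName"),
        "country": subject.get("countryName"),
        "issuer": issuer.get("organizationName") or issuer.get("commonName"),
        "dns_names": sorted(
            value.lower()
            for kind, value in cert.get("subjectAltName", ())
            if kind == "DNS"
        ),
    }


def identity_changes(previous, current):
    """Compare two summaries for the same site and return readable warnings."""
    warnings = []
    if LEVELS.index(current["level"]) < LEVELS.index(previous["level"]):
        warnings.append(
            f"identity downgrade: {previous['level']} -> {current['level']}"
        )
    for field in ("organization", "country", "issuer"):
        if previous[field] != current[field]:
            warnings.append(
                f"{field} changed: {previous[field]!r} -> {current[field]!r}"
            )
    return warnings


# Constructed sample data: the same host name on two visits.
FIRST_VISIT = {
    "subject": (
        (("countryName", "NL"),),
        (("organizationName", "Example Bank N.V."),),
        (("commonName", "bank.example"),),
    ),
    "issuer": ((("countryName", "NL"),), (("organizationName", "Constructed OV CA"),)),
    "subjectAltName": (("DNS", "bank.example"), ("DNS", "www.bank.example")),
}
LATER_VISIT = {
    "subject": ((("commonName", "bank.example"),),),
    "issuer": ((("organizationName", "Constructed DV CA"),),),
    "subjectAltName": (("DNS", "bank.example"),),
}

if __name__ == "__main__":
    before = identity_summary(FIRST_VISIT)
    after = identity_summary(LATER_VISIT)
    for line in identity_changes(before, after):
        print("WARNING:", line)
```

Both certificates would pass ordinary chain and host name validation for `bank.example`; only the comparison of identity fields shows that the named organisation disappeared.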
Ana Tudor 🐯<p>My most popular demo of 2024. By far. My second most hearted <span class="h-card" translate="no"><a href="https://fosstodon.org/@codepen" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>codepen</span></a></span> demo ever.</p><p><a href="https://codepen.io/thebabydino/pen/WNVPdJg" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">codepen.io/thebabydino/pen/WNV</span><span class="invisible">PdJg</span></a></p><p>Pure <a href="https://mastodon.social/tags/CSS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CSS</span></a>, single div, very little code overall; and that's even including layout, prettifying &amp; animation styles. Oh, heavily commented too.</p><p><a href="https://mastodon.social/tags/code" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>code</span></a> <a href="https://mastodon.social/tags/coding" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>coding</span></a> <a href="https://mastodon.social/tags/frontend" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>frontend</span></a> <a href="https://mastodon.social/tags/cssVariables" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cssVariables</span></a> <a href="https://mastodon.social/tags/web" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>web</span></a> <a href="https://mastodon.social/tags/dv" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dv</span></a> <a href="https://mastodon.social/tags/webDev" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>webDev</span></a> <a href="https://mastodon.social/tags/webDevelopment" class="mention hashtag" rel="nofollow noopener noreferrer" 
target="_blank">#<span>webDevelopment</span></a> <a href="https://mastodon.social/tags/cssGradient" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cssGradient</span></a> <a href="https://mastodon.social/tags/filter" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>filter</span></a> <a href="https://mastodon.social/tags/cssFilter" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cssFilter</span></a> <a href="https://mastodon.social/tags/glow" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>glow</span></a></p>
Erik van Straten<p>Risk: Cloudflare (+Trump)</p><p>🌦️ Behind Cloudflare<br>More and more websites sit "behind" the American company Cloudflare. Suppose you open <a href="https://pvv.nl" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">pvv.nl</span><span class="invisible"></span></a> (note: it is preceded by https://, Mastodon hides that) in your browser:</p><p> browser &lt;-1-&gt; Cloudflare &lt;-2-&gt; <a href="https://pvv.nl" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">pvv.nl</span><span class="invisible"></span></a></p><p>⛓️‍💥 No E2EE<br>For very many websites (<a href="https://pvv.nl" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">pvv.nl</span><span class="invisible"></span></a> is an example) there are two *different* connections, so definitely no E2EE = End-to-End Encryption (insofar as that still means anything at all when the "real" one is a cloud server of Google, Microsoft or Amazon).</p><p>🕋 CDNs<br>Cloudflare, a CDN (Content Delivery Network), has a worldwide network of "tunnel" servers in the data centers of most internet providers. Probably also "around the corner" from you.</p><p>🔥 DDoS attacks<br>That works excellently against DDoS (Distributed Denial of Service) attacks. CDNs also provide much faster communication (partly because images and the like are "cached" on a web of servers) - even if the "real" server is on the other side of the world.</p><p>🚨 Downsides<br>But this does NOT come without a price! 
Cloudflare can, after all, *look into* a great deal of "encrypted" network traffic (and even, if desired, modify it).</p><p>🚦 No, not *you*<br>Cloudflare customers can also configure all kinds of rules that visitors must satisfy, and block them as "unwanted" visitors (*criminal* customers also make frequent use of this option, among other things to prevent the makers of virus scanners from checking fake websites for malicious content).<br>Addition 14:39: { for example, with Firefox Focus on Android, I can *not* open <a href="https://cidi.nl" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">cidi.nl</span><span class="invisible"></span></a>; I then see a page that says, among other things, "One moment please, the website of Centrum Informatie en Documentatie Israël (CIDI) is verifying whether the connection is secure. Please unblock challenges.cloudflare.com to proceed."<br>}</p><p>😎 Men In Black<br>Because Cloudflare is a company (also) established in the US, they must comply with the American FISA section 702 legislation. That means they can be ordered to monitor internet traffic, and that they are bound to secrecy about it. While Americans already have fewer privacy rights than Europeans, *non*-Americans have *zero* privacy rights under said FISA law.</p><p>🔓 Cut<br>That https connections via Cloudflare are not E2EE is evident from the image below (which surely more people have seen at some point).</p><p>📜 Certificates and error messages<br>That image can, without certificate error messages, ONLY exist if Cloudflare has a valid authenticating website certificate (a kind of passport) for, in this case, <a href="https://bleepingcomputer.com" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">bleepingcomputer.com</span><span class="invisible"></span></a> - and they *do* have that. 
For MILLIONS of websites.</p><p>🛃 MitM<br>Cloudflare (but also others, such as Fastly) is a MitM (Man in the Middle).</p><p>🤔 The second connection?<br>Your browser has, largely transparently, an E2EE connection with a Cloudflare server. You have *no* idea what kind of connection Cloudflare has with the actual website (is it https at all, and a secure variant of it? What does Cloudflare do if the website's certificate has expired? Etc).</p><p>👽 AitM<br>And as soon as a MitM turns malicious, we call it an AitM (A for Attacker or Adversary).</p><p>🗽 Trump<br>If Trump orders Cloudflare to stop providing services to NL or the EU, ABSOLUTELY NOTHING will work here anymore and our economy will collapse like a house of cards.</p><p>🃏 DV certs<br>That Cloudflare has obtained a website certificate for, for example, <a href="https://vvd.nl" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">vvd.nl</span><span class="invisible"></span></a> or <a href="https://cidi.nl" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">cidi.nl</span><span class="invisible"></span></a> should be strange. However, this is a piece of cake "thanks to" DV (Domain Validated) certificates (Google's darling), which make the internet increasingly insecure and which our government has also "fallen for" (see <a href="https://infosec.exchange/@ErikvanStraten/114032329847123742" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@ErikvanStrat</span><span class="invisible">en/114032329847123742</span></a>).</p><p>😱 Fake websites<br>But that is not all: more and more criminal fake websites *hide* behind Cloudflare, which itself earns (criminal) money from this. 
See for example <a href="https://security.nl/posting/876655" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">security.nl/posting/876655</span><span class="invisible"></span></a> (or have a look at the "RELATIONS" tab of <a href="https://www.virustotal.com/gui/ip-address/188.114.96.0/relations" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">virustotal.com/gui/ip-address/</span><span class="invisible">188.114.96.0/relations</span></a> and press ••• a few times).</p><p><a href="https://infosec.exchange/tags/Risico" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Risico</span></a> <a href="https://infosec.exchange/tags/Economie" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Economie</span></a> <a href="https://infosec.exchange/tags/Cloudflare" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cloudflare</span></a> <a href="https://infosec.exchange/tags/Fastly" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Fastly</span></a> <a href="https://infosec.exchange/tags/CDN" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CDN</span></a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AitM</span></a> <a href="https://infosec.exchange/tags/MitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MitM</span></a> <a href="https://infosec.exchange/tags/FISASection702" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FISASection702</span></a> <a href="https://infosec.exchange/tags/FISA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FISA</span></a> <a 
href="https://infosec.exchange/tags/ThreeLetterAgencies" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ThreeLetterAgencies</span></a> <a href="https://infosec.exchange/tags/Trump" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Trump</span></a> <a href="https://infosec.exchange/tags/Sbowden" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Sbowden</span></a> <a href="https://infosec.exchange/tags/E2EE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>E2EE</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://infosec.exchange/tags/VVD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VVD</span></a> <a href="https://infosec.exchange/tags/PVV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PVV</span></a> <a href="https://infosec.exchange/tags/CIDI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CIDI</span></a> <a href="https://infosec.exchange/tags/VT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VT</span></a> <a href="https://infosec.exchange/tags/VirusTotal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VirusTotal</span></a> <a href="https://infosec.exchange/tags/DVCerts" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DVCerts</span></a> <a href="https://infosec.exchange/tags/DV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DV</span></a> <a href="https://infosec.exchange/tags/OV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OV</span></a> <a href="https://infosec.exchange/tags/EV" class="mention hashtag" rel="nofollow noopener 
noreferrer" target="_blank">#<span>EV</span></a> <a href="https://infosec.exchange/tags/QWAC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>QWAC</span></a> <a href="https://infosec.exchange/tags/CyberCrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberCrime</span></a> <a href="https://infosec.exchange/tags/NepWebsites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NepWebsites</span></a> <a href="https://infosec.exchange/tags/FakeWebsites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FakeWebsites</span></a></p>
Contao Community<p><a href="https://mastodon.social/tags/Contao" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Contao</span></a> 5.5 has been released. Everything about the new version at <a href="https://contao.org/de/news/contao-5-5-fuenf-backend-booster-und-noch-einiges-mehr" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">contao.org/de/news/contao-5-5-</span><span class="invisible">fuenf-backend-booster-und-noch-einiges-mehr</span></a></p><p><a href="https://mastodon.social/tags/Accessibility" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Accessibility</span></a> <a href="https://mastodon.social/tags/TemplateStudio" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TemplateStudio</span></a> <a href="https://mastodon.social/tags/BackendSuche" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BackendSuche</span></a> <a href="https://mastodon.social/tags/UX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>UX</span></a> <a href="https://mastodon.social/tags/DV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DV</span></a> ContaoRocks <a href="https://mastodon.social/tags/OpenSource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenSource</span></a></p>
Erik van Straten<p><span class="h-card" translate="no"><a href="https://mastodon.online/@vwbusguy" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>vwbusguy</span></a></span> : non-ACME certs suck big time.</p><p>However, now the internet has turned into a malicious phishing mess.</p><p>People can no longer determine who is responsible for a website, and nobody cares.</p><p>Google hosted fake websites (using ACME certs from Let's Encrypt) on their cloud servers called:<br>• cancel-google[.]com<br>• adsupport-google[.]com<br>• helpdesk-google[.]com</p><p>See (Dutch) <a href="https://infosec.exchange/@ErikvanStraten/113837934294209517" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@ErikvanStrat</span><span class="invisible">en/113837934294209517</span></a>.</p><p>Google also doesn't give a fsck about HSTS, see <a href="https://infosec.exchange/@ErikvanStraten/113856108585517842" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@ErikvanStrat</span><span class="invisible">en/113856108585517842</span></a>.</p><p>Worse, last year a phishing site with a domain name containing "google" was proxied by Cloudflare - and had a "GOOGLE TRUST SERVICES" DV certificate.</p><p>Did I mention that browsers suck and that Big Tech, making Big Money, is knowingly complicit in cybercrime?</p><p>And did I mention that certificates were not invented to please admins?</p><p><a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Phishing</span></a> <a href="https://infosec.exchange/tags/DV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DV</span></a> <a href="https://infosec.exchange/tags/GoogleIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" 
target="_blank">#<span>GoogleIsEvil</span></a> <a href="https://infosec.exchange/tags/BigTechIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BigTechIsEvil</span></a> <a href="https://infosec.exchange/tags/GTS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GTS</span></a> <a href="https://infosec.exchange/tags/BrowsersSuck" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BrowsersSuck</span></a> <a href="https://infosec.exchange/tags/AnonymousWebsites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AnonymousWebsites</span></a></p>
Kriszta Satori<p>Highly upsetting content<br><a href="https://www.bbc.co.uk/news/articles/cx2n2dn0rkxo" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bbc.co.uk/news/articles/cx2n2d</span><span class="invisible">n0rkxo</span></a><br><a href="https://journa.host/tags/KienaDawes" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>KienaDawes</span></a> <a href="https://journa.host/tags/VAW" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VAW</span></a> <a href="https://journa.host/tags/DV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DV</span></a></p>
Erik van Straten<p><span class="h-card" translate="no"><a href="https://mastodon.social/@eff" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>eff</span></a></span> : what is the point of having an encrypted connection to a criminal website with a "could belong to" domain name?</p><p>What is the point of having an encrypted connection to a Cloudflare MitM (what about privacy)?</p><p>Or even both? Just one example (I can show many): <a href="https://crt.sh/?q=google-ivi.com" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">crt.sh/?q=google-ivi.com</span><span class="invisible"></span></a></p><p><a href="https://infosec.exchange/tags/Fake" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Fake</span></a> <a href="https://infosec.exchange/tags/DV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DV</span></a> <a href="https://infosec.exchange/tags/JunkCertificates" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>JunkCertificates</span></a></p>
:rss: ORICON NEWS トップ<p>"ライオンの隠れ家": the "root cause" of everything comes to light, and the internet is furious: "Absolutely unforgivable" [contains spoilers]<br><a href="https://www.oricon.co.jp/news/2354324/full/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">oricon.co.jp/news/2354324/full</span><span class="invisible">/</span></a></p><p><a href="https://rss-mstdn.studiofreesia.com/tags/oricon_news" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>oricon_news</span></a> <a href="https://rss-mstdn.studiofreesia.com/tags/%E4%BF%B3%E5%84%AA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>俳優</span></a> <a href="https://rss-mstdn.studiofreesia.com/tags/TBS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TBS</span></a> <a href="https://rss-mstdn.studiofreesia.com/tags/%E3%83%89%E3%83%A9%E3%83%9E" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ドラマ</span></a> <a href="https://rss-mstdn.studiofreesia.com/tags/%E3%83%A9%E3%82%A4%E3%82%AA%E3%83%B3%E3%81%AE%E9%9A%A0%E3%82%8C%E5%AE%B6" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ライオンの隠れ家</span></a> <a href="https://rss-mstdn.studiofreesia.com/tags/%E8%87%AA%E9%96%89%E3%82%B9%E3%83%9A%E3%82%AF%E3%83%88%E3%83%A9%E3%83%A0%E7%97%87" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>自閉スペクトラム症</span></a> <a href="https://rss-mstdn.studiofreesia.com/tags/%E5%81%BD%E8%A3%85%E6%AD%BB" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>偽装死</span></a> <a href="https://rss-mstdn.studiofreesia.com/tags/DV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DV</span></a> <a href="https://rss-mstdn.studiofreesia.com/tags/%E5%AE%B6%E6%97%8F_%E4%BA%BA%E9%96%93%E9%96%A2%E4%BF%82" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>家族_人間関係</span></a> <a 
href="https://rss-mstdn.studiofreesia.com/tags/%E3%83%8B%E3%83%A5%E3%83%BC%E3%82%B9" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ニュース</span></a> <a href="https://rss-mstdn.studiofreesia.com/tags/%E7%94%BB%E5%83%8F" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>画像</span></a> <a href="https://rss-mstdn.studiofreesia.com/tags/%E5%86%99%E7%9C%9F" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>写真</span></a></p>