home.social

#trustcor — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #trustcor, aggregated by home.social.

  1. This is genuinely fascinating watching a company basically destroy a large part of itself, not so much for what they originally did, but how they reacted when asked about it: groups.google.com/a/mozilla.or #cacert #rootca #certificates #trustcor

  2. This is genuinely fascinating watching a company basically destroy a large part of itself, not so much for what they originally did, but how they reacted when asked about it: groups.google.com/a/mozilla.or #cacert #rootca #certificates #trustcor

  3. This is genuinely fascinating watching a company basically destroy a large part of itself, not so much for what they originally did, but how they reacted when asked about it: groups.google.com/a/mozilla.or #cacert #rootca #certificates #trustcor

  4. This is genuinely fascinating watching a company basically destroy a large part of itself, not so much for what they originally did, but how they reacted when asked about it: groups.google.com/a/mozilla.or #cacert #rootca #certificates #trustcor

  5. The python-certifi maintainers seem to have requested and received a CVE for removing #TrustCor roots from their ca-bundle.

    Noticed our package does not rely on our system-wide CA bundle and as such does not respect reconfiguration done through `security.pki`, which is probably not what users would expect.

    That will be resolved through github.com/NixOS/nixpkgs/pull/, and we'll also add support for NIX_SSL_CERT_FILE, which will likely work throughout most python packages now.

    #nixos CVE-2022-23491

  6. We are removing the three #TrustCor root certificates from our ca-bundle in #nixpkgs.

    This change will need to go through staging for every release, so probably 10-14 days until it will reach endusers.

    github.com/NixOS/nixpkgs/pull/

    #nixos

  7. #Mozilla and #Microsoft distrust #TrustCor certificates due to suspicions over covert spyware operation

    I went ahead and de-registered the TrustCor certificates on all my personal machines. If you're running a Debian system you can do this by running, as root:
    dpkg-reconfigure ca-certificates

    You'll then be given an option to deselect certain certificates as "trusted".

    techspot.com/news/96843-mozill

    #privacy #security #cybersecurity @hen @techlore @sr @thenewoil

  8. @GossiTheDog Holy crap, what a read!

    They got absolutely dogpiled on and destroyed by Mozilla, Google, and Apple (rightfully so) and their replies trying to weasel out of defending themselves publicly, and then reluctantly doing so while addressing 75% of their replies to dumb silly “readers” (us?) and the lamestream “media,” and not the people deciding their fate, hurt my brain to read. Just wow.

    Did Elon buy a CA without any of us realizing...? #trustcor #infosec

  9. When the allegations about #Trustcor first surfaced I thought, you know, maybe people are putting two and two together.

    However from the thread it’s pretty clear they can’t answer simple questions, and shouldn’t be a trusted root CA. groups.google.com/a/mozilla.or

  10. Die Browser Chrome, Safari, Firefox und andere vertrauen den #TLS-Zertifikaten der Zertifizierungsstelle #Trustcor. Doch das Unternehmen hat laut der Zeitung Washington Post Verbindungen zu Auftragnehmern von US-Geheimdiensten und Strafverfolgungsbehörden.

    golem.de/news/chrome-safari-fi #Überwachung #nachSnowden

  11. @SibylleBerg "Berichte, dass Trustcor auch sein in den Browsern integriertes Root-Zertifikat missbraucht haben sollte, gibt es bisher jedoch nicht." - Alles bestens, hier gibt es nichts zu sehen.
    Dem Laden und allen Mitarbeitern gehört auf Lebenszeit der trust entzogen #trustcor #trustgore

  12. Some scary reporting from @[email protected] via The Post: One of the powerful root certificate authorities trusted by big web browsers to vouch for websites operates from a UPS Store address and has ties to a U.S. intelligence contractor selling interception gear: washingtonpost.com/technology/ #TrustCor #TLS

  13. We have a secretive company with a lot of shady connections and no real office. Ok, there are plenty of them, you say. Yes, but the others don't operate root CAs, the businesses that secure our Internet traffic. 🚩

    They also claim to provide end-to-end encrypted mail, but are able to decrypt them. 😱 Reminds me of #Anom

    What could possibly go wrong?

    #RootCA #CA #TrustCor
    washingtonpost.com/technology/

  14. We have a secretive company with a lot of shady connections and no real office. Ok, there are plenty of them, you say. Yes, but the others don't operate root CAs, the businesses that secure our Internet traffic. 🚩

    They also claim to provide end-to-end encrypted mail, but are able to decrypt them. 😱 Reminds me of #Anom

    What could possibly go wrong?

    #RootCA #CA #TrustCor
    washingtonpost.com/technology/

  15. We have a secretive company with a lot of shady connections and no real office. Ok, there are plenty of them, you say. Yes, but the others don't operate root CAs, the businesses that secure our Internet traffic. 🚩

    They also claim to provide end-to-end encrypted mail, but are able to decrypt them. 😱 Reminds me of #Anom

    What could possibly go wrong?

    #RootCA #CA #TrustCor
    washingtonpost.com/technology/

  16. We have a secretive company with a lot of shady connections and no real office. Ok, there are plenty of them, you say. Yes, but the others don't operate root CAs, the businesses that secure our Internet traffic. 🚩

    They also claim to provide end-to-end encrypted mail, but are able to decrypt them. 😱 Reminds me of #Anom

    What could possibly go wrong?

    #RootCA #CA #TrustCor
    washingtonpost.com/technology/