elefant @elefant

4 posts4 participants0 posts today

Replied in thread

**Kevin Karhan** @kkarhan@infosec.space · 1d

@cR0w too many.

Jist like there are way too many applications suceptible to the #CryptoAPI #backdoor of #Windows.

http://github.com/kkarhan/windows-ca-backdoor-fix

So far testing by @ct_Magazin / @heiseonline (and myseof later on) revealed only few #Apps not vulnerable to this specifics #Govware:

#Firefox (uses @Mozilla / @mozilla_support / #Mozilla #NSS & has it's own #SSL certificate storage)
@thunderbird (Mozilla NSS)
@torproject / #TorBrowser (Mozilla NSS; custom certificates)
#curl (uses @bagder #WolfSSL and manages it's own certs)

Anything else that uses the CryptoAPI is, espechally *all #Chromium-Forks (aka. All Browsers except Firefox, Tor Browser, #dillo, #LynxBrowser…)

Fixes a critical backdoor in Windows' CryptoAPI, which allows to unconsenting Update of CA Certificates in the background. See https://www.heise.de/ct/ausgabe/2013-17-Zweifelhafte-Updates-gefae...

GitHubGitHub - kkarhan/windows-ca-backdoor-fix: Fixes a critical backdoor in Windows' CryptoAPI, which allows to unconsenting Update of CA Certificates in the background. See https://www.heise.de/ct/ausgabe/2013-17-Zweifelhafte-Updates-gefaehrden-SSL-Verschluesselung-2317589.htmlFixes a critical backdoor in Windows' CryptoAPI, which allows to unconsenting Update of CA Certificates in the background. See https://www.heise.de/ct/ausgabe/2013-17-Zweifelhafte-Updates-gefae...

**Wireshark** @wireshark · 1d

Wireshark @wireshark

The final day of SharkFest’25 US pre-conference classes are well underway! @packetjay and Sake Blok are teaching classes about #TCP and #SSL/TLS troubleshooting.

**Hacker News** @h4ckernews@mastodon.social · 2d

Hacker News @h4ckernews@mastodon.social

Why SSL was renamed to TLS in late 90s (2014)

https://tim.dierks.org/2014/05/security-standards-and-name-changes-in.html

tim.dierks.orgSecurity Standards and Name Changes in the Browser WarsThe Netscape/Microsoft browser wars in the mid-90's were really vicious and competitive. They really had it out for each other. Netscape had...

#HackerNews #SSL #TLS

**linux** @linux@activitypub.awakari.com · 3d

linux @linux@activitypub.awakari.com

Docker + Nginx + Certbot: как я поднял свой сайт-резюме на домашнем сервере Docker + Nginx + Certbot: как я поднял свой сайт-резюме ...

#Nginx #Docker #docker #compose #Linux #ssl #certbot #letsencrypt

Origin | Interest | Match

**frimoulux** @frimoulux@mastodon.social · Jun 10

Jun 10

frimoulux @frimoulux@mastodon.social

Salut ! Si tu cherches à créer un site web, je te recommande celui-ci.

https://offre.zouluvo.com/

#siteweb #création #hébergement

**Firefox** @Firefox@activitypub.awakari.com · Jun 10

Jun 10

Firefox @Firefox@activitypub.awakari.com

Google Chrome to Distrust Chunghwa Telecom and Netlock Certificates from August 2025 Google Chrom...

#SSL #Certificate #Distrust #SSL #TLS #Certificates
Origin | Interest | Match

Replied in thread

**Steve Frenzel** @stvfrnzl@mastodon.online · Jun 7

Jun 7

Steve Frenzel @stvfrnzl@mastodon.online

@matthiasott giving me #ssl vibes

Screenshot of the SSL channel strip plugin with grey, green, red and blue knobs

**OTX Bot** @techbot@social.raytec.co · Jun 6

Jun 6

OTX Bot @techbot@social.raytec.co

Abusing Paste.ee to Deploy XWorm and AsyncRAT Across Global C2 Infrastructure

A sophisticated malware campaign has been discovered utilizing paste.ee to distribute XWorm and AsyncRAT. The attackers employ obfuscated JavaScript with Unicode characters to download and execute malicious code from paste.ee URLs. The infrastructure includes multiple C2 servers across Europe and the US, using specific ports and SSL certificates. XWorm, a stealthy RAT, captures keystrokes, exfiltrates data, and maintains persistent remote access. AsyncRAT, an open-source trojan, is also part of the campaign. The attackers use a network of IP addresses and domains, with some hosted by QuadraNet Enterprises LLC and dataforest GmbH. Defenders are advised to block identified domains, monitor suspicious connections, and update security software to detect unusual behavior.

Pulse ID: 6842cadffd8a660c92f9fecb
Pulse Link: https://otx.alienvault.com/pulse/6842cadffd8a660c92f9fecb
Pulse Author: AlienVault
Created: 2025-06-06 11:02:55

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

LevelBlue Open Threat ExchangeLevelBlue - Open Threat ExchangeLearn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

#AsyncRAT #CyberSecurity #Europe

**Thomas Frans** @thomy2000@fosstodon.org · Jun 6

Jun 6

Thomas Frans @thomy2000@fosstodon.org

It seems like today, #Caddy automatically stopped automatically renewing #SSL certificates.

Yes, you read that correctly. I will now scream into the void.

#SelfHosted #SelfHosting #HomeServer

**AskUbuntu** @askubuntu@ubuntu.social · May 27

May 27

AskUbuntu @askubuntu@ubuntu.social

correct protocol to renew certificate for apache site and what the use of update-ca-certificates? #apache2 #ssl

https://askubuntu.com/q/1549469/612

Ask Ubuntucorrect protocol to renew certificate for apache site and what the use of update-ca-certificates?context Ubuntu, Apache, need to renew certificate on a site I have new key and crt files exact same names as the old ones Question 1 Can I just overwrite the existing crt files and the key file and...

**OTX Bot** @techbot@social.raytec.co · May 23

May 23

OTX Bot @techbot@social.raytec.co

ViciousTrap - Infiltrate, Control, Lure: Turning edge devices into honeypots en masse.

A threat actor nicknamed ViciousTrap has compromised over 5,500 edge devices, transforming them into honeypots. The actor targets more than 50 brands of SOHO routers, SSL VPNs, DVRs, and BMC controllers, possibly to collect exploited vulnerabilities. The infection chain involves exploiting CVE-2023-20118 to deploy a script called NetGhost, which redirects incoming traffic to the attacker's infrastructure. The compromised devices, mostly end-of-life, are used to create a distributed honeypot-like network across Asia. The actor, likely of Chinese-speaking origin, may be attempting to observe exploitation attempts and collect non-public or zero-day exploits. The infrastructure uses servers in Malaysia, and the campaign has been ongoing since March 2025.

Pulse ID: 6830c0b98077133a71396f00
Pulse Link: https://otx.alienvault.com/pulse/6830c0b98077133a71396f00
Pulse Author: AlienVault
Created: 2025-05-23 18:38:49

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Asia #Chinese #CyberSecurity

**Hacker News** @h4ckernews@mastodon.social · May 23

May 23

Hacker News @h4ckernews@mastodon.social

Why I no longer have an old-school cert on my HTTPS site

https://rachelbythebay.com/w/2025/05/22/ssl/

#HackerNews #oldschoolcert #HTTPS

**Anthony Powell** @ajguides@mastodon.social · May 23

May 23

Anthony Powell @ajguides@mastodon.social

How to Easily Secure A Website | https://techygeekshome.info/how-to-easily-secure-a-website/?fsp_sid=23475 | #Certificates #security #SSL
https://techygeekshome.info/how-to-easily-secure-a-website/?fsp_sid=23475

#certificates

**ASX Mkt. Sensitive** @ASXMktSensitive@mastodon-grafa.social · May 23

May 23

ASX Mkt. Sensitive @ASXMktSensitive@mastodon-grafa.social

Sietel ( #SSL ) has released " Half Yearly Reports and Accounts " on Fri 23 May at 09:55 AEST #tax #government #trading #Mining #Australia
https://grafa.com/asset/sietel-ltd-4451-ssl.asx?utm_source=asxmktsensitive&utm_medium=mastodon&utm_campaign=ssl.asx

GrafaSietel share priceSietel (ASX:SSL) is an asset listed on the ASX, and part of the Real Estate sector. Grafa’s asset page shows Sietel’s share price, chart, trading volume, earnin

**linux** @linux@activitypub.awakari.com · May 22

May 22

linux @linux@activitypub.awakari.com

https://www.freelancer.com/projects/linux/Resolve-FTPS-Certificate-Issue.html

#Linux #Network #Administration #SSL #System #Admin #Web #Security

Result Details

FreelancerResolve FTPS/CA Certificate IssueLinux & System Admin Projects for €8-100 EUR. I'm looking for a professional with experience in Linux system administration and network security, particularly in configur

Replied in thread

**Kevin Karhan** @kkarhan@infosec.space · May 22

May 22

Kevin Karhan @kkarhan@infosec.space

@christopherkunz #UnpopularOpinion: The #ValueRemoving #RentSeeking nature of #SSL-#Certificates is the problem.

Solutions that tried to unfuck this ( @cacert ) got cockblocked by #Apple and #Microsoft whilst @letsencrypt which basically provides certificates to everyone and everything gets a free pass.

Because #SiliconValley is more equal than others!

#siliconvalley

**AskUbuntu** @askubuntu@ubuntu.social · May 20

May 20

AskUbuntu @askubuntu@ubuntu.social

Ubuntu20.04 not finding libssl.so.10 #packagemanagement #ssl #curl

https://askubuntu.com/q/1548116/612

Ask UbuntuUbuntu20.04 not finding libssl.so.10I'm running fully updated Ubuntu20.04 $ uname -v #149~20.04.1-Ubuntu SMP Wed Apr 16 08:29:56 UTC 2025 and when I try to run any curl command I get this: $ curl --version curl: error while loading

**mirabilos** @mirabilos@toot.mirbsd.org · May 20

May 20

mirabilos @mirabilos@toot.mirbsd.org

Can’t wait for @jwildeboer ’s https://nerdcert.eu/ to take off and be included in the usual bundles like Debian ca-certificates as a big FU to Google, who mandate webbrowser-consumer-only key usages for certificates soon, and to Let’s Encrypt who are following Google mindlessly and try to argue people with these uses to death instead of standing up for people’s freedom and keep existing, working uses of SSL/TLS merely because those are not webbrowser-consumer uses.

nerdcert.eunerdcert.euFree certificates. For nerds. That offer more than just ServerAuth

#nerdcert #LetsEncrypt #SSL

**Anthony Powell** @ajguides@mastodon.social · May 16

May 16

Anthony Powell @ajguides@mastodon.social

How to Setup your Website with a free SSL Certificate | https://techygeekshome.info/website-http-to-https/?fsp_sid=22601 | #Blogger #Chrome #Guide #refresh #security #SSL #Wordpress
https://techygeekshome.info/website-http-to-https/?fsp_sid=22601

#blogger

**Trusty** @trusty@dnsimple.social · May 15 *

May 15 *

Trusty @trusty@dnsimple.social

DNSSEC is a big deal. It’s complex, but it doesn’t have to be boring. So we figured, why not let a taco explain it? We’re demystifying DNSSEC in the most entertaining way possible, complete with quirky jokes and characters. We love sharing our knowledge of all things #DNS, #SSL certs, and #DNSSEC, and we hope you enjoy this interactive exploration of How DNSSEC Works!

https://howdnssec.works/

howdnssec.worksHow DNSSEC worksLearn why DNS needs security through tacos, crabs, and cryptographic laughs. How DNSSEC Works turns complex internet plumbing into an illustrated adventure.

Recent searches

Search options

Administered by:

Server stats:

#ssl