Told ya so.
Back when SMTP was invented, the marketing scum pounced on it because it was a free way for them to mass distribute their spam and viruses. Now email traffic is over 80% spam.
Anytime you make something free, like Letsencrypt has done, the criminals will lap it up like puppies. Letsencrypt are completely responsible for this mess that they have created.
Back when SSL cost $300 a year, cybercriminals would almost never spend that money...
Oh well, I'm wasting my breath. Bring on the criminals. That's our world now.
|
|
|
|
|
The solution is to set LetsEncrypt as an un-trusted CA.
I think it's better if people start doing that sooner, rather than later.
"There are three kinds of lies: lies, damned lies and statistics."
- Benjamin Disraeli
|
|
|
|
|
That is the only solution at this point.
What is surprising is that the major browsers are trusting this CA which does not validate certificates. There is no checking of credentials, business details, policing of the OBVIOUS phishing URLs - NONE. None at all.
Just here, free certs!
The mind boggles.
They need to be sued.
|
|
|
|
|
Basildane wrote: Just here, free certs! The mind boggles.
It's total craziness.
Like allowing a known criminal organization to start a bank. "Sure, bring your money in and we'll keep it safe in our vaults for free. Sure we will."
|
|
|
|
|
There were always certs issued to phishing sites, that's nothing new. Only the scale is new.
|
|
|
|
|
While this is true, if analytics has taught us anything, it's that just scale provides a hell of a lot of power.
A CA should follow up on reports of fraudulent activity. This is how it's always worked, and verified malicious activity is generally rewarded with a revocation of certificates.
That's not how LetsEncrypt operates, nor can they, thanks to the scale of the problem.
"There are three kinds of lies: lies, damned lies and statistics."
- Benjamin Disraeli
|
|
|
|
|
It's not an "s" that makes a site secure. At the very least one must use a decent browser (i.e. not IE) and check the address bar and title bar. If something looks strange about the site double check the IP with other DNS and some historical data (I keep my bank IPs on a text file just in case). Technology is not a substitute for brain.
When the 'S' in HTTPS also stands for shady Please stand up!
* CALL APOGEE, SAY AARDWOLF
* GCS d--- s-/++ a- C++++ U+++ P- L- E-- W++ N++ o+ K- w+++ O? M-- V? PS+ PE- Y+ PGP t++ 5? X R++ tv-- b+ DI+++ D++ G e++>+++ h--- ++>+++ y+++* Weapons extension: ma- k++ F+2 X
* Never pay more than 20 bucks for a computer game.
* I'm a puny punmaker.
|
|
|
|
|
den2k88 wrote: Technology is not a substitute for brain.
What!?!
It is a substitute for Intelligence though, right?
Augmented? Artificial?
|
|
|
|
|
Natural stupidity beats artificial intelligence anytime.
* CALL APOGEE, SAY AARDWOLF
* GCS d--- s-/++ a- C++++ U+++ P- L- E-- W++ N++ o+ K- w+++ O? M-- V? PS+ PE- Y+ PGP t++ 5? X R++ tv-- b+ DI+++ D++ G e++>+++ h--- ++>+++ y+++* Weapons extension: ma- k++ F+2 X
* Never pay more than 20 bucks for a computer game.
* I'm a puny punmaker.
|
|
|
|
|
den2k88 wrote: Technology is not a substitute for brain.
mandatory
M.D.V.
If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about?
Help me to understand what I'm saying, and I'll explain it better to you
Rating helpful answers is nice, but saying thanks can be even nicer.
|
|
|
|
|
Once you understand how easy and common it is for thieves to attach “skimming” devices to ATMs and other machines that accept debit and credit cards, it’s difficult not to closely inspect and even tug on the machines before using them.
Security through yankery
|
|
|
|
|
Comcast Corp, Verizon Communications Inc and AT&T Inc said Friday they would not sell customers’ individual internet browsing information, days after the U.S. Congress approved legislation reversing Obama administration era internet privacy rules.
Rent?
|
|
|
|
|
Related: Trump signs bill rolling back FCC privacy rules for ISPs
M.D.V.
If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about?
Help me to understand what I'm saying, and I'll explain it better to you
Rating helpful answers is nice, but saying thanks can be even nicer.
|
|
|
|
|
Kent Sharkey wrote: Rent?
Exactly.
Customers' personal details as a service is a much more profitable model.
I wanna be a eunuchs developer! Pass me a bread knife!
|
|
|
|
|
Whilst writing a previous blog post I stumbled across the .NET Interpreter, tucked away in the source code.
So you can replace all that pesky JavaScript code?
|
|
|
|
|
Microsoft today announced that it’s shutting down CodePlex, its service for hosting repositories of open source software. The service launched in 2006, and now it will be going away on December 15.
Code-what now?
Launched in 2006, and I think this might be the first time I've heard it used in a sentence.
|
|
|
|
|
Hey, Leslie! I thought you were dead!
What do you get when you cross a joke with a rhetorical question?
The metaphorical solid rear-end expulsions have impacted the metaphorical motorized bladed rotating air movement mechanism.
Do questions with multiple question marks annoy you???
|
|
|
|
|
Yeah, I updated the news item to point to the one below, but forgot to delete this.
I is ashamed.
TTFN - Kent
|
|
|
|
|
Even if you're a fan of strong coffee, Black Insomnia might still keep you up at night ... or for several nights.
Doppio, please
|
|
|
|
|
For enterprise developers, adopting Swift over Objective-C as a primary language is not an easy decision to make.
I really should make a red shirt joke here, but I'm just too lazy
|
|
|
|
|
|
It is just Par for the Course for Microsoft.
|
|
|
|
|
Well, they seem to have a graceful exit strategy. As it is, probably 90% of the links that lead me to CodePlex end up having a "we've moved to GitHub" message anyways.
No big loss, one less repo to have to deal with, which is a good thing, I think.
CodePlex.com will start serving a read-only lightweight archive that will allow you to browse through all published projects – their source code, downloads, documentation, license, and issues
documentation? Every time I've clicked on the "documentation" link for a project on CodePlex it's empty. The possible notable exception was NewtonsoftJson, when it was still on CodePlex.
Marc
Latest Article - Merkle Trees
Learning to code with python is like learning to swim with those little arm floaties. It gives you undeserved confidence and will eventually drown you. - DangerBunny
Artificial intelligence is the only remedy for natural stupidity. - CDP1802
|
|
|
|
|
Documentation (like this) is one of the things that the migration tool doesn't do well, as you have to correct all the linked page names to add the .md suffix.
|
|
|
|
|
OMG. That's the second CodePlex project I've ever seen with documentation.
Marc
Latest Article - Merkle Trees
Learning to code with python is like learning to swim with those little arm floaties. It gives you undeserved confidence and will eventually drown you. - DangerBunny
Artificial intelligence is the only remedy for natural stupidity. - CDP1802