
Monthly archives for July, 2017

Certbot from Let’s Encrypt is making it easier to secure criminal websites

July 18, 2017. Written by r3d_f0x

This article points out an apparent vulnerability in the Let’s Encrypt certificate authority, which issues free SSL encryption certificates.  Its Certbot application automates the process of securing websites: it installs certificates and configures web servers automatically when a new site is added.  FOXDEV uses this service.  The asserted vulnerability with LE certificates is the ability to get a certificate for a phishing or scam website.  This isn’t a true vulnerability, and LE isn’t giving criminals much more than they had before.

When a criminal orders a free SSL certificate from LE to use for a website, all they’re getting is an encryption certificate from a trusted authority, one that won’t trigger browser warnings.  It displays a green padlock in the browser, but this is a problem with user behavior, not a problem with the service itself.  The problem can come up if a criminal makes a subdomain like this to use for a scam site: user-authentication.paypal.com.4433.service.example.com or paypal.com.4433.service.example.com.  At a glance it appears to be a subdomain of paypal.com.  Criminals have already been using subdomains like this to make websites look legitimate by including a real domain within a subdomain.  These domains work just as well with unencrypted websites, and most websites were unencrypted until recently.  Before LE was available, criminals could still buy a certificate from one of the authorities.  They could even buy a wildcard certificate and make an unlimited number of fraudulent subdomains.  The only advantage that criminals have now is the ability to request certificates for free.  Since they could still buy a wildcard certificate before, this isn’t much of an advantage.

The solution to this problem is re-educating users.  Big businesses have bragged on their websites about their security and directed users to look for the padlock icon to verify that the site they were accessing was real.  Even before LE, any criminal could have bought a certificate for a fraudulent domain and used it to generate the same padlock icon.  We need to educate users that HTTPS only encrypts their access and that they still need to verify the last levels of the domain properly.
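
The check described above, written out as an added example (not code from the original post): it works out which domain actually controls a hostname and flags a trusted domain that only appears among the subdomain labels. The watch list and the small suffix set are assumptions made for this sketch; a real deployment would use the full Public Suffix List.

```python
# Added example: flag hostnames that embed a trusted domain in their subdomain labels.
# Assumption: a tiny constructed suffix set stands in for the Public Suffix List.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}     # constructed sample, not complete
TRUSTED_DOMAINS = {"paypal.com", "example-bank.co.uk"}  # hypothetical watch list


def registrable_domain(hostname: str) -> str:
    """Return the registrable domain (the 'last levels' the owner actually controls)."""
    labels = hostname.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return ".".join(labels)
    # Two-label public suffixes such as co.uk need three labels in total.
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def embedded_trusted_domains(hostname: str) -> list:
    """List trusted domains that appear in the hostname but do not own it."""
    host = hostname.lower().rstrip(".")
    owner = registrable_domain(host)
    labels = host.split(".")
    hits = []
    for trusted in sorted(TRUSTED_DOMAINS):
        if owner == trusted:
            continue  # hostname is genuinely under the trusted domain
        t = trusted.split(".")
        # Look for the trusted domain as a run of consecutive labels.
        for i in range(len(labels) - len(t) + 1):
            if labels[i:i + len(t)] == t:
                hits.append(trusted)
                break
    return hits


def classify(hostname: str) -> str:
    """Summarise who controls the hostname and whether it imitates a trusted domain."""
    hits = embedded_trusted_domains(hostname)
    owner = registrable_domain(hostname)
    if hits:
        return f"SUSPICIOUS: controlled by {owner}, imitates {', '.join(hits)}"
    return f"ok: controlled by {owner}"


if __name__ == "__main__":
    # The two hostnames from the post, plus constructed legitimate ones.
    for h in ["user-authentication.paypal.com.4433.service.example.com",
              "paypal.com.4433.service.example.com",
              "www.paypal.com", "login.example-bank.co.uk"]:
        print(f"{h:58} {classify(h)}")
```

A valid certificate changes none of these results: both hostnames from the post are controlled by example.com whether or not the padlock is shown.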

Internet Culture, Security, Technology, Vulnerabilities, Web encryption

Anti Fascist video from 1947

July 4, 2017. Written by r3d_f0x

I just found this and a lot of it is still relevant.  Don’t let the pink haired stormtroopers destroy freedom for their goals.

Fascism, Internet Culture
