#bigtechisevil

Erik van Straten<p><span class="h-card" translate="no"><a href="https://mastodon.scot/@UndisScot" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>UndisScot</span></a></span> : apprivalm[.]com is CDN-ed by evil Cloudflare on 172.67.155.250 and 104.21.66.40 (<a href="https://www.virustotal.com/gui/domain/apprivalm.com/details" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">virustotal.com/gui/domain/appr</span><span class="invisible">ivalm.com/details</span></a>). The registrar is "Atak Domain" (who'd expect such a name).</p><p>Said Cloudflare IPs "host" (actually reverse proxy, MitM-ing TLS) a zillion other phishing websites, including syncthing.rilian[.]link (see below).</p><p>Most, if not all, have an https server certificate issued by "Google Trust Services".</p><p><a href="https://infosec.exchange/tags/CloudflareIsEvil" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CloudflareIsEvil</span></a> <a href="https://infosec.exchange/tags/GoogleIsEvil" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GoogleIsEvil</span></a> <a href="https://infosec.exchange/tags/BigTechIsEvil" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BigTechIsEvil</span></a></p>
Erik van Straten<p>GoDaddy facilitates cybercrime</p><p>Screenshot (not edited) of part of the section "Subdomains" in <a href="https://www.virustotal.com/gui/domain/godaddysites.com/relations" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">virustotal.com/gui/domain/goda</span><span class="invisible">ddysites.com/relations</span></a>, zoomed in to make the domain names more readable (the hosting IP-addresses are not visible in this screenshot; most of them are either 13.248.243[.]5 or 76.223.105[.]230).</p><p>In the column at the right, 'n' in 'n/94' is the number of virus scanners that consider the website (with the specified domain name) malicious.</p><p><a href="https://infosec.exchange/tags/GoDaddyIsEvil" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GoDaddyIsEvil</span></a> <a href="https://infosec.exchange/tags/BigTechIsEvil" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BigTechIsEvil</span></a> <a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Phishing</span></a> <a href="https://infosec.exchange/tags/CyberCrime" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberCrime</span></a> <a href="https://infosec.exchange/tags/Complicit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Complicit</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://infosec.exchange/tags/MaliciousWebSites" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MaliciousWebSites</span></a> <a href="https://infosec.exchange/tags/Impersonation" class="mention hashtag" 
rel="nofollow noopener" target="_blank">#<span>Impersonation</span></a> <a href="https://infosec.exchange/tags/CryptoCurrency" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CryptoCurrency</span></a> <a href="https://infosec.exchange/tags/Coinbase" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Coinbase</span></a> <a href="https://infosec.exchange/tags/Kucoin" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Kucoin</span></a> <a href="https://infosec.exchange/tags/Kraken" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Kraken</span></a></p>
Erik van Straten<p><span class="h-card" translate="no"><a href="https://hachyderm.io/@apicultor" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>apicultor</span></a></span> wrote:</p><p>"Much like with Webauthn, that's not how it works. You can't just capture and replay it."</p><p>WebAuthn is TOFU (there is a reason that phishing domain names such as<br>• mypasskey[.]info<br>• passkeysetup[.]com<br>exist). In WebAuthn a unique asymmetric key pair is bound to (part of the) domain name. AitM attacks are possible if an attacker illegitimately obtains a certificate for the domain name (examples can be found in <a href="https://infosec.exchange/@ErikvanStraten/112914050216821746" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@ErikvanStrat</span><span class="invisible">en/112914050216821746</span></a>).</p><p>EDIW is in no way comparable to WebAuthn, among other reasons because:</p><p>1) It's not even TOFU: it does not remember.</p><p>2) AFAIK EDIW "relying party authentication" is optional.</p><p><span class="h-card" translate="no"><a href="https://noc.social/@hlindqvist" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>hlindqvist</span></a></span> </p><p><a href="https://infosec.exchange/tags/EDIW" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EDIW</span></a> <a href="https://infosec.exchange/tags/EUDIW" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EUDIW</span></a> <a href="https://infosec.exchange/tags/eID" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>eID</span></a> <a href="https://infosec.exchange/tags/MitM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MitM</span></a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AitM</span></a> <a 
href="https://infosec.exchange/tags/DVcerts" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DVcerts</span></a> <a href="https://infosec.exchange/tags/DomainValidation" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DomainValidation</span></a> <a href="https://infosec.exchange/tags/BrowsersSuck" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BrowsersSuck</span></a> <a href="https://infosec.exchange/tags/DV" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DV</span></a> <a href="https://infosec.exchange/tags/GoogleIsEvil" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GoogleIsEvil</span></a> <a href="https://infosec.exchange/tags/BigTechIsEvil" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BigTechIsEvil</span></a> <a href="https://infosec.exchange/tags/CloudflareIsEvil" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CloudflareIsEvil</span></a> <a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Phishing</span></a> <a href="https://infosec.exchange/tags/RP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RP</span></a> <a href="https://infosec.exchange/tags/RelyingParty" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RelyingParty</span></a> <a href="https://infosec.exchange/tags/RelyingPartyAuthentication" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RelyingPartyAuthentication</span></a></p>
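The domain binding discussed in the post above, as an added example that is not part of the thread: a relying-party-side check of the challenge and of the two name-bound fields in a WebAuthn assertion (the origin in clientDataJSON and the RP ID hash in authenticatorData). The domain names and challenges are constructed, signature verification is left out, and the checks compare names only, so they say nothing about who holds a certificate for the genuine name.

```python
import base64
import hashlib
import hmac
import json
import struct

# Constructed names for illustration; none of them come from the thread.
RP_ID = "bank.example"
ALLOWED_ORIGINS = ("https://login.bank.example",)
FLAG_USER_PRESENT = 0x01


def b64url(data):
    """Unpadded base64url, the encoding WebAuthn uses for the challenge."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_assertion(origin, rp_id, challenge, flags=FLAG_USER_PRESENT, sign_count=1):
    """Constructed sample input: the unsigned parts of an assertion as a browser
    (clientDataJSON) and an authenticator (authenticatorData) would produce them."""
    client_data_json = json.dumps(
        {"type": "webauthn.get", "challenge": b64url(challenge), "origin": origin}
    ).encode("utf-8")
    rp_id_hash = hashlib.sha256(rp_id.encode("utf-8")).digest()
    # authenticatorData layout: rpIdHash (32) | flags (1) | signCount (4, big-endian)
    return client_data_json, rp_id_hash + struct.pack(">BI", flags, sign_count)


def check_binding(client_data_json, authenticator_data, expected_challenge):
    """Return the list of failed checks; an empty list means all passed.
    Signature verification against the stored public key is NOT done here."""
    try:
        client = json.loads(client_data_json)
    except ValueError:
        return ["clientDataJSON unparsable"]
    if not isinstance(client, dict):
        return ["clientDataJSON unparsable"]

    problems = []
    if client.get("type") != "webauthn.get":
        problems.append("wrong type")
    # The challenge is fresh per login, so a captured assertion cannot be reused.
    if client.get("challenge") != b64url(expected_challenge):
        problems.append("challenge mismatch")
    # The browser, not the page, writes the origin it actually connected to.
    if client.get("origin") not in ALLOWED_ORIGINS:
        problems.append("origin not allowed")

    if len(authenticator_data) < 37:
        return problems + ["authenticatorData too short"]
    rp_id_hash = authenticator_data[:32]
    flags, _sign_count = struct.unpack(">BI", authenticator_data[32:37])
    expected_hash = hashlib.sha256(RP_ID.encode("utf-8")).digest()
    # The credential is scoped to an RP ID, i.e. to (part of) a domain name.
    if not hmac.compare_digest(rp_id_hash, expected_hash):
        problems.append("rpIdHash mismatch")
    if not flags & FLAG_USER_PRESENT:
        problems.append("user presence flag not set")
    return problems


def run_scenarios():
    """Three constructed logins checked against the same relying party."""
    old = b"\x01" * 32  # challenge issued for an earlier login
    now = b"\x02" * 32  # challenge issued for this login
    genuine = make_assertion("https://login.bank.example", RP_ID, now)
    # A look-alike site can only obtain assertions scoped to its own name.
    lookalike = make_assertion(
        "https://login.bank-example.test", "bank-example.test", now
    )
    # An assertion captured during the earlier login, presented again.
    replayed = make_assertion("https://login.bank.example", RP_ID, old)
    return {
        "genuine": check_binding(*genuine, expected_challenge=now),
        "lookalike": check_binding(*lookalike, expected_challenge=now),
        "replayed": check_binding(*replayed, expected_challenge=now),
    }


if __name__ == "__main__":
    for name, problems in run_scenarios().items():
        print(f"{name:10s} {'OK' if not problems else ', '.join(problems)}")
```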
Erik van Straten<p><span class="h-card" translate="no"><a href="https://hachyderm.io/@apicultor" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>apicultor</span></a></span> wrote:<br>"OCSP traffic is plaintext HTTP and just as much of a data goldmine as TLS SNI. ECH is going to remove the latter."</p><p>The server's IP-address is always visible and you ignored the arguments that I provided.</p><p>"Which replacements for BGP and DNS do you suggest?"</p><p><a href="https://infosec.exchange/@ErikvanStraten/113079966331873386" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@ErikvanStrat</span><span class="invisible">en/113079966331873386</span></a></p><p>"&gt;Supporting DN's like "ing–movil.com" and "m–santander.de" *is* facilitating cybercrime, by repeatedly mis-issuing certs for them</p><p>These are not misissuances according to the CABF (which is the single authority that matters on this subject). 
I recommend you educate yourself on the definition of misissuance."</p><p>Internet users DO NOT CARE what the CABF considers to be "misissuance".</p><p>If a CSP hands out certificates for domain names such as can be found in <a href="https://www.virustotal.com/gui/ip-address/188.114.96.0/relations" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">virustotal.com/gui/ip-address/</span><span class="invisible">188.114.96.0/relations</span></a>, they simply facilitate cybercrime.</p><p>The main problem for internet users is that they cannot distinguish between, on the one hand, serious and authentic websites, and on the other hand, junk- and plain criminal websites.</p><p>You are not providing any solutions for the rapidly criminalizing internet.</p><p><span class="h-card" translate="no"><a href="https://infosec.exchange/@troyhunt" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>troyhunt</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@dangoodin" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>dangoodin</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@BleepingComputer" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>BleepingComputer</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@agl" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>agl</span></a></span> </p><p><a href="https://infosec.exchange/tags/DVcerts" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DVcerts</span></a> <a href="https://infosec.exchange/tags/DomainValidation" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DomainValidation</span></a> <a href="https://infosec.exchange/tags/BrowsersSuck" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BrowsersSuck</span></a> <a 
href="https://infosec.exchange/tags/DV" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DV</span></a> <a href="https://infosec.exchange/tags/GoogleIsEvil" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GoogleIsEvil</span></a> <a href="https://infosec.exchange/tags/BigTechIsEvil" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BigTechIsEvil</span></a> <a href="https://infosec.exchange/tags/CloudflareIsEvil" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CloudflareIsEvil</span></a> <a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Phishing</span></a></p>
Erik van Straten<p>Viruses and phishing</p><p>(A late reply to a discussion between <span class="h-card" translate="no"><a href="https://mastodon.nl/@EllyvA" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>EllyvA</span></a></span> and <span class="h-card" translate="no"><a href="https://mastodon.nl/@ximaar" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>ximaar</span></a></span> ending with <a href="https://mastodon.nl/@EllyvA/114064535418745561" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">mastodon.nl/@EllyvA/1140645354</span><span class="invisible">18745561</span></a>).</p><p>Computer viruses, in the sense of malware (malicious software) that spreads itself, I hardly see anymore - because people no longer use floppies to exchange data.</p><p>Cybercriminals now mainly use social engineering to steal from people, or to obtain confidential data with which they then convince people that they are a trustworthy party.</p><p>When they create malware, the malicious component consists of a program (or a script in some document) that they modify for each distribution, and first test against all common virus scanners (which leaves most scanners without a chance initially).</p><p>In a growing share of cases, malware abuses software installed by default on Windows ("lolbins" - Living Off the Land binaries) or installs a legitimate driver with which elevated rights (administrator privileges) are obtained.</p><p>Also very popular are RATs, Remote Access Tools such as Teamviewer and Anydesk (increasingly abused on Android and iPhones as well). 
People are often falsely told that they should install a virus scanner - and that then turns out to be such a RAT, see <a href="https://infosec.exchange/@ErikvanStraten/113987804370380156" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@ErikvanStrat</span><span class="invisible">en/113987804370380156</span></a>.</p><p>And indeed phishing is a gigantic problem - against which virus scanners help hardly or not at all, because criminals keep using new domain names (e.g.: <a href="https://security.nl/posting/879531" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">security.nl/posting/879531</span><span class="invisible"></span></a>) for their websites, and often deploy captchas that virus scanners cannot "get past".</p><p>It also happens that data sent automatically by browsers, and/or IP addresses, and/or the time of day often have to meet specific criteria before the malicious version of a website is shown (see screenshot, press Alt for more info).</p><p>The best thing you can do, after opening a web page, is to pay attention not to the content but to the DOMAIN NAME (in the browser's address bar). 
For far too many people, however, it is (virtually) impossible to determine that a given domain name does *not* belong to the suggested organization - and unfortunately there is no SIMPLE and reliable recipe for this.</p><p><a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Phishing</span></a> <a href="https://infosec.exchange/tags/Virusscanners" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Virusscanners</span></a> <a href="https://infosec.exchange/tags/SocialEngineering" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SocialEngineering</span></a> <a href="https://infosec.exchange/tags/BigTechIsEvil" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BigTechIsEvil</span></a> <a href="https://infosec.exchange/tags/GoogleIsEvil" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GoogleIsEvil</span></a> <a href="https://infosec.exchange/tags/CloudflareIsEvil" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CloudflareIsEvil</span></a></p>
Erik van Straten<p><span class="h-card" translate="no"><a href="https://freeradical.zone/@mensrea" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>mensrea</span></a></span> : if you visit a shop (or a bank) in the center of the city, chances are near zero that it's run by impostors.</p><p>However, if you go to some vague second hand market, chances are that you will be deceived.</p><p>Possibly worse, if there's an ATM on the outside wall of a shack where Hells Angels meet, would you insert your bank card and enter your PIN?</p><p>On the web, most people do not know WHERE they are.</p><p>Big Tech is DELIBERATELY withholding essential information from people, required to determine the amount of trust that a website deserves.</p><p>DELIBERATELY, because big tech can rent much more (cheap) hosting and (meaningless) domain names to whomever if website visitors cannot distinguish between authentic and fake websites.</p><p>You are right that some people will never understand why they need to know who owns a website.</p><p>However, most people (including <span class="h-card" translate="no"><a href="https://infosec.exchange/@troyhunt" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>troyhunt</span></a></span> ) would enormously benefit.</p><p>Like all the other deaf and blind trolls, you trash a proposal because it may be useless for SOME, you provide zero solutions and you keep bashing me.</p><p>What part of "get lost" do you not understand?</p><p><span class="h-card" translate="no"><a href="https://mastodon.ar.al/@aral" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>aral</span></a></span> <span class="h-card" translate="no"><a href="https://ec.social-network.europa.eu/@EUCommission" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>EUCommission</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@letsencrypt" class="u-url mention" rel="nofollow noopener" 
target="_blank">@<span>letsencrypt</span></a></span> <span class="h-card" translate="no"><a href="https://social.nlnet.nl/@nlnet" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>nlnet</span></a></span> </p><p><a href="https://infosec.exchange/tags/Authentication" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Authentication</span></a> <a href="https://infosec.exchange/tags/Impersonation" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Impersonation</span></a> <a href="https://infosec.exchange/tags/Spoofing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Spoofing</span></a> <a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Phishing</span></a> <a href="https://infosec.exchange/tags/DV" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DV</span></a> <a href="https://infosec.exchange/tags/GoogleIsEvil" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GoogleIsEvil</span></a> <a href="https://infosec.exchange/tags/BigTechIsEvil" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BigTechIsEvil</span></a> <a href="https://infosec.exchange/tags/Certificates" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Certificates</span></a> <a href="https://infosec.exchange/tags/httpsVShttp" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>httpsVShttp</span></a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AitM</span></a> <a href="https://infosec.exchange/tags/MitM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MitM</span></a> <a href="https://infosec.exchange/tags/FakeWebsites" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FakeWebsites</span></a> <a 
href="https://infosec.exchange/tags/CloudflareIsEvil" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CloudflareIsEvil</span></a> <a href="https://infosec.exchange/tags/bond" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bond</span></a> <a href="https://infosec.exchange/tags/dotBond" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dotBond</span></a> <a href="https://infosec.exchange/tags/Spam" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Spam</span></a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Infosec</span></a> <a href="https://infosec.exchange/tags/Ransomware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Ransomware</span></a> <a href="https://infosec.exchange/tags/Banks" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Banks</span></a></p>
Erik van Straten<p><span class="h-card" translate="no"><a href="https://freeradical.zone/@mensrea" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>mensrea</span></a></span> : it is not the UI/UX that is the problem. It is missing reliable info in the certs.</p><p>Image from <a href="https://infosec.exchange/@ErikvanStraten/114224682101772569" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@ErikvanStrat</span><span class="invisible">en/114224682101772569</span></a></p><p><span class="h-card" translate="no"><a href="https://mastodon.ar.al/@aral" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>aral</span></a></span> <span class="h-card" translate="no"><a href="https://ec.social-network.europa.eu/@EUCommission" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>EUCommission</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@letsencrypt" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>letsencrypt</span></a></span> <span class="h-card" translate="no"><a href="https://social.nlnet.nl/@nlnet" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>nlnet</span></a></span> </p><p><a href="https://infosec.exchange/tags/Authentication" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Authentication</span></a> <a href="https://infosec.exchange/tags/Impersonation" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Impersonation</span></a> <a href="https://infosec.exchange/tags/Spoofing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Spoofing</span></a> <a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Phishing</span></a> <a href="https://infosec.exchange/tags/DV" class="mention hashtag" rel="nofollow noopener" 
target="_blank">#<span>DV</span></a> <a href="https://infosec.exchange/tags/GoogleIsEvil" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GoogleIsEvil</span></a> <a href="https://infosec.exchange/tags/BigTechIsEvil" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BigTechIsEvil</span></a> <a href="https://infosec.exchange/tags/Certificates" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Certificates</span></a> <a href="https://infosec.exchange/tags/httpsVShttp" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>httpsVShttp</span></a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AitM</span></a> <a href="https://infosec.exchange/tags/MitM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MitM</span></a> <a href="https://infosec.exchange/tags/FakeWebsites" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FakeWebsites</span></a> <a href="https://infosec.exchange/tags/CloudflareIsEvil" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CloudflareIsEvil</span></a> <a href="https://infosec.exchange/tags/bond" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bond</span></a> <a href="https://infosec.exchange/tags/dotBond" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dotBond</span></a> <a href="https://infosec.exchange/tags/Spam" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Spam</span></a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Infosec</span></a> <a href="https://infosec.exchange/tags/Ransomware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Ransomware</span></a> <a href="https://infosec.exchange/tags/Banks" class="mention hashtag" rel="nofollow noopener" 
target="_blank">#<span>Banks</span></a> <a href="https://infosec.exchange/tags/CloudflareIsEvil" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CloudflareIsEvil</span></a> <a href="https://infosec.exchange/tags/FakeWebsites" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FakeWebsites</span></a></p>
Erik van Straten<p><span class="h-card" translate="no"><a href="https://mastodon.ar.al/@aral" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>aral</span></a></span> : most Let's Encrypt (and other Domain Validated) certificates are issued to junk- or plain criminal websites.</p><p>They're the ultimate manifestation of evil big tech.</p><p>They were introduced to encrypt the "last mile" because Internet Service Providers were replacing ads in webpages and, in the other direction, inserting fake clicks.</p><p>DV has destroyed the internet. People lose their ebank savings and companies get ransomwared; phishing is dead simple. EDIW/EUDIW will become an identity fraud disaster (because of AitM phishing attacks).</p><p>Even the name "Let's Encrypt" is wrong for a CSP: nobody needs a certificate to encrypt a connection. The primary purpose of a certificate is AUTHENTICATION (of the owner of the private key, in this case the website).</p><p>However, for human beings, just a domain name simply does not provide reliable identification information. It renders impersonation a piece of cake.</p><p>Decent online authentication is HARD. Get used to it instead of denying it.</p><p>REASONS/EXAMPLES</p><p>🔹 Troy Hunt fell in the DV trap: <a href="https://infosec.exchange/@ErikvanStraten/114222237036021070" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@ErikvanStrat</span><span class="invisible">en/114222237036021070</span></a></p><p>🔹 Google (and Troy Hunt!) killed non-DV certs (for profit) because of the stripe.com PoC. 
Now Chrome does not give you any more info than what Google argued: <a href="https://infosec.exchange/@ErikvanStraten/114224682101772569" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@ErikvanStrat</span><span class="invisible">en/114224682101772569</span></a></p><p>🔹 https:⧸⧸cancel-google.com/captcha was live yesterday: <a href="https://infosec.exchange/@ErikvanStraten/114224264440704546" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@ErikvanStrat</span><span class="invisible">en/114224264440704546</span></a></p><p>🔹 Stop phishing proposal: <a href="https://infosec.exchange/@ErikvanStraten/113079966331873386" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@ErikvanStrat</span><span class="invisible">en/113079966331873386</span></a></p><p>🔹 Lots of reasons why LE sucks:<br><a href="https://infosec.exchange/@ErikvanStraten/112914047006977222" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@ErikvanStrat</span><span class="invisible">en/112914047006977222</span></a> (corrected link 09:20 UTC)</p><p>🔹 This website stopped registering junk .bond domain names, probably because there were too many every day (the last page I found): <a href="https://newly-registered-domains.abtdomain.com/2024-08-15-bond-newly-registered-domains-part-1/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">newly-registered-domains.abtdo</span><span class="invisible">main.com/2024-08-15-bond-newly-registered-domains-part-1/</span></a>. 
However, this gang is still active, open the RELATIONS tab in <a href="https://www.virustotal.com/gui/ip-address/13.248.197.209/relations" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">virustotal.com/gui/ip-address/</span><span class="invisible">13.248.197.209/relations</span></a>. You have to multiply the number of LE certs by approx. 5 because they also register subdomains and don't use wildcard certs. Source: <a href="https://www.bleepingcomputer.com/news/security/revolver-rabbit-gang-registers-500-000-domains-for-malware-campaigns/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/revolver-rabbit-gang-registers-500-000-domains-for-malware-campaigns/</span></a></p><p><span class="h-card" translate="no"><a href="https://ec.social-network.europa.eu/@EUCommission" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>EUCommission</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@letsencrypt" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>letsencrypt</span></a></span> <span class="h-card" translate="no"><a href="https://social.nlnet.nl/@nlnet" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>nlnet</span></a></span> </p><p><a href="https://infosec.exchange/tags/Authentication" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Authentication</span></a> <a href="https://infosec.exchange/tags/Impersonation" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Impersonation</span></a> <a href="https://infosec.exchange/tags/Spoofing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Spoofing</span></a> <a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener" 
target="_blank">#<span>Phishing</span></a> <a href="https://infosec.exchange/tags/DV" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DV</span></a> <a href="https://infosec.exchange/tags/GoogleIsEvil" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GoogleIsEvil</span></a> <a href="https://infosec.exchange/tags/BigTechIsEvil" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BigTechIsEvil</span></a> <a href="https://infosec.exchange/tags/Certificates" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Certificates</span></a> <a href="https://infosec.exchange/tags/httpsVShttp" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>httpsVShttp</span></a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AitM</span></a> <a href="https://infosec.exchange/tags/MitM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MitM</span></a> <a href="https://infosec.exchange/tags/FakeWebsites" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FakeWebsites</span></a> <a href="https://infosec.exchange/tags/CloudflareIsEvil" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CloudflareIsEvil</span></a> <a href="https://infosec.exchange/tags/bond" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bond</span></a> <a href="https://infosec.exchange/tags/dotBond" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dotBond</span></a> <a href="https://infosec.exchange/tags/Spam" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Spam</span></a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Infosec</span></a> <a href="https://infosec.exchange/tags/Ransomware" class="mention hashtag" rel="nofollow noopener" 
target="_blank">#<span>Ransomware</span></a> <a href="https://infosec.exchange/tags/Banks" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Banks</span></a> <a href="https://infosec.exchange/tags/CloudflareIsEvil" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CloudflareIsEvil</span></a> <a href="https://infosec.exchange/tags/FakeWebsites" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FakeWebsites</span></a></p>
Erik van Straten<p><span class="h-card" translate="no"><a href="https://waag.social/@MennoOng" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>MennoOng</span></a></span> : sorry, I did not sign.</p><p>Reason: <a href="https://campagnes.degoedezaak.org" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">campagnes.degoedezaak.org</span><span class="invisible"></span></a> runs on an Amazon server.</p><p>That alone is enough for me not to sign, but on top of that a whole bunch of phishing websites also run on that same server.</p><p>And, besides that, for example https:⧸⧸churchillshootingbudapest.com (see the screenshot).</p><p>🥱 TECHNICAL DETAILS<br>In <a href="https://www.virustotal.com/gui/domain/campagnes.degoedezaak.org/relations" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">virustotal.com/gui/domain/camp</span><span class="invisible">agnes.degoedezaak.org/relations</span></a> (open the "RELATIONS" tab) you can see that this website has been running since 6 Dec. on a server with IP address 75.2.43.161 (Amazon's).</p><p>In <a href="https://www.virustotal.com/gui/ip-address/15.197.129.158/relations" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">virustotal.com/gui/ip-address/</span><span class="invisible">15.197.129.158/relations</span></a> (again, open the "RELATIONS" tab) you see, at the top, 10 domain names of websites that "run" on this IP address. If you press ••• at the bottom of that section, the next ten appear.</p><p>The date on the left is *not* that of the last scan, but the last known date on which the domain name on the right pointed via DNS to ("resolved" to) IP address 75.2.43.161. 
The number of virus scanners (out of 94) that consider it malicious *is* the last known status of the domain name (which may have been moved to another IP address in the meantime).</p><p>Incidentally, this concerns far more than the 200 domain names suggested at the top (I stopped pressing ••• at 1330). There may be thousands.</p><p>🐣 CONCLUSION<br>This is low-budget hosting where visitors' privacy is thrown away by an outfit that may be after quick money.</p><p>Don't fall for trustworthy-SOUNDING domain names such as "degoedezaak.org" with worthless, virtually anonymous, website certificates and websites running at junk hosters.</p><p><span class="h-card" translate="no"><a href="https://mastodon.social/@Kletskous" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>Kletskous</span></a></span> </p><p><a href="https://infosec.exchange/tags/AmazonIsEvil" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AmazonIsEvil</span></a> <a href="https://infosec.exchange/tags/BigTechIsEvil" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BigTechIsEvil</span></a></p>
Erik van Straten<p><span class="h-card" translate="no"><a href="https://mastodon.nl/@ErikSchouten73" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>ErikSchouten73</span></a></span> : as additional info, the certificate as Chrome on Android (one of the few mobile browsers with a certificate viewer) shows it.</p><p>Totally incomprehensible, and THAT IS ON PURPOSE.</p><p>More info on Punycode and IDNs can be found, for example, at <a href="https://www.charset.org/punycode?encoded=xn--ldl-vma.be&amp;decode=Punycode+to+normal+text" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">charset.org/punycode?encoded=x</span><span class="invisible">n--ldl-vma.be&amp;decode=Punycode+to+normal+text</span></a> (see also the Alt text of the image below).</p><p><a href="https://infosec.exchange/tags/GoogleIsEvil" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GoogleIsEvil</span></a> <a href="https://infosec.exchange/tags/LetsEncryptSucks" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LetsEncryptSucks</span></a> <a href="https://infosec.exchange/tags/BigTechIsEvil" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BigTechIsEvil</span></a> <a href="https://infosec.exchange/tags/BrowserMakersAreEvil" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BrowserMakersAreEvil</span></a> <a href="https://infosec.exchange/tags/CABForumIsEvil" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CABForumIsEvil</span></a> <a href="https://infosec.exchange/tags/CABForumSucks" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CABForumSucks</span></a> <a href="https://infosec.exchange/tags/Punycode" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Punycode</span></a> <a href="https://infosec.exchange/tags/IDN" class="mention hashtag" 
rel="nofollow noopener" target="_blank">#<span>IDN</span></a></p>
Erik van Straten<p><span class="h-card" translate="no"><a href="https://mastodon.nl/@ErikSchouten73" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>ErikSchouten73</span></a></span> : that kind of advice does *NOT* work in practice for a great many people.</p><p>And rightly so: everything in that kind of advice can be circumvented by criminals.</p><p>The internet has been ruined by big tech.</p><p>Given a domain name, internet users must, to begin with, understand exactly how domain names are structured (*), something that is incomprehensible to many internet users.</p><p>And *if* internet users do understand that, they must somehow, mysteriously, find out whether that domain name belongs to the *APPARENT ORGANISATION*. That is all information that is *WITHHELD* by Big Tech.</p><p>(*) Also think of phishing websites such as:</p><p>&nbsp;&nbsp;&nbsp;https:⧸⧸lîdl·be/login</p><p>See the screenshot I just made of that URL (a link - if spelled correctly, i.e. with https:// and a dot in it) below.</p><p><a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Phishing</span></a> <a href="https://infosec.exchange/tags/DVCerts" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DVCerts</span></a> <a href="https://infosec.exchange/tags/BigTechIsEvil" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BigTechIsEvil</span></a> <a href="https://infosec.exchange/tags/GoogleIsEvil" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GoogleIsEvil</span></a> <a href="https://infosec.exchange/tags/BrowsersSuck" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BrowsersSuck</span></a> <a href="https://infosec.exchange/tags/CABForumSucks" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CABForumSucks</span></a> <a href="https://infosec.exchange/tags/CABForumIsCorrupt" class="mention hashtag" 
rel="nofollow noopener" target="_blank">#<span>CABForumIsCorrupt</span></a></p>
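The two posts above concern the Punycode name xn--ldl-vma.be and its rendered lookalike. As an added example (not part of the original posts), this sketch decodes each DNS label and flags names that fold to a watched brand; `WATCHLIST` and all function names are assumptions made for the illustration.

```python
import unicodedata

# Constructed watchlist of brand labels to protect; "lidl" mirrors the post's example.
WATCHLIST = {"lidl"}

def decode_label(label: str) -> str:
    """Return the Unicode form (U-label) of one DNS label."""
    if label.startswith("xn--"):
        # Strip the ACE prefix and decode the remainder as Punycode (RFC 3492).
        return label[4:].encode("ascii").decode("punycode")
    return label

def skeleton(label: str) -> str:
    """Fold a label for comparison: NFKD-decompose, drop combining marks, lowercase."""
    decomposed = unicodedata.normalize("NFKD", label)
    return "".join(c for c in decomposed if not unicodedata.combining(c)).lower()

def check_hostname(hostname: str) -> list[dict]:
    """Flag labels that differ from a watched brand only by diacritics."""
    findings = []
    for raw in hostname.lower().rstrip(".").split("."):
        try:
            uni = decode_label(raw)
        except UnicodeError:
            findings.append({"label": raw, "reason": "invalid punycode"})
            continue
        folded = skeleton(uni)
        # A label that already equals its folded form is the genuine spelling.
        if uni != folded and folded in WATCHLIST:
            findings.append({
                "label": raw,
                "unicode": uni,
                "imitates": folded,
                "reason": "lookalike of watched brand",
            })
    return findings

if __name__ == "__main__":
    # Hostnames below are sample input taken from or modelled on the posts above.
    for host in ("xn--ldl-vma.be", "lidl.be"):
        print(host, check_hostname(host))
```

Diacritic folding only catches accented variants such as the one in the posts; lookalikes drawn from other scripts need a confusables table in addition.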
Erik van Straten<p><span class="h-card" translate="no"><a href="https://mastodon.nl/@Marguerite" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>Marguerite</span></a></span> : the biggest risk of an eID is that you authenticate on a fake website (= prove that you are who you say you are).</p><p>And that, with that data, the owner of that fake site (or software on it) proves on a *different* website that he or she is you (and, e.g., applies for a credit card in your name and has it delivered to a money mule).</p><p>With DigiD that is much harder for criminals, because a website where you can authenticate with DigiD must meet many requirements set by Logius (and must have a connection to Logius servers).</p><p>Reliable authentication requires a reliable authenticator. The internet is teeming with fake websites, and nobody is seriously doing anything about it (big tech happily profits from cybercrime).</p><p><span class="h-card" translate="no"><a href="https://mastodon.world/@FediWouter" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>FediWouter</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.frl/@differentieel" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>differentieel</span></a></span> </p><p><a href="https://infosec.exchange/tags/NepWebSites" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NepWebSites</span></a> <a href="https://infosec.exchange/tags/GoogleIsEvil" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GoogleIsEvil</span></a> <a href="https://infosec.exchange/tags/BigTechIsEvil" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BigTechIsEvil</span></a></p>
Erik van Straten<p>Just uninstalled (Android, Pixel 6)</p><p>More info: <a href="https://mastodon.social/@Tutanota/113969191214363432" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">mastodon.social/@Tutanota/1139</span><span class="invisible">69191214363432</span></a></p><p><a href="https://infosec.exchange/tags/CameraInDeWC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CameraInDeWC</span></a> <a href="https://infosec.exchange/tags/ClientSideScanning" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ClientSideScanning</span></a> <a href="https://infosec.exchange/tags/AndroidSystemSafetyCore" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AndroidSystemSafetyCore</span></a> <a href="https://infosec.exchange/tags/CSS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CSS</span></a> <a href="https://infosec.exchange/tags/ChatControl" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ChatControl</span></a> <a href="https://infosec.exchange/tags/Privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Privacy</span></a> <a href="https://infosec.exchange/tags/BigBrother" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BigBrother</span></a> <a href="https://infosec.exchange/tags/BigTechIsEvil" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BigTechIsEvil</span></a> <a href="https://infosec.exchange/tags/GoogleIsEvil" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GoogleIsEvil</span></a></p>
Sam A.<p><span class="h-card" translate="no"><a href="https://kolektiva.social/@DoomsdaysCW" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>DoomsdaysCW</span></a></span> or just don't use Google ;)<br><a href="https://social.data.coop/tags/BigTechIsEvil" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BigTechIsEvil</span></a> <a href="https://social.data.coop/tags/DegoogleYourself" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DegoogleYourself</span></a> <a href="https://social.data.coop/tags/PrivacyMatters" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PrivacyMatters</span></a></p>
Erik van Straten<p><span class="h-card" translate="no"><a href="https://social.publicspaces.net/@publicspaces" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>publicspaces</span></a></span> : speaking of Big Tech, why does the URL in the QR code start with https:// followed by matrix[.]to - at Cloudflare (*) with a Google DV certificate?</p><p>(*) With FISA section 702 NSA/etc. backdoor</p><p><a href="https://infosec.exchange/tags/Matrix_to" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Matrix_to</span></a> <a href="https://infosec.exchange/tags/FISAsection702" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FISAsection702</span></a> <a href="https://infosec.exchange/tags/NSA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NSA</span></a> <a href="https://infosec.exchange/tags/CIA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CIA</span></a> <a href="https://infosec.exchange/tags/Snowden" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Snowden</span></a> <a href="https://infosec.exchange/tags/BigTechIsEvil" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BigTechIsEvil</span></a> <a href="https://infosec.exchange/tags/GoogleIsEvil" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GoogleIsEvil</span></a></p>