Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@cR0w" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>cR0w</span></a></span> too many.</p><ul><li>Jist like there are way too many applications suceptible to the <a href="https://infosec.space/tags/CryptoAPI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CryptoAPI</span></a> <a href="https://infosec.space/tags/backdoor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>backdoor</span></a> of <a href="https://infosec.space/tags/Windows" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Windows</span></a>.</li></ul><p><a href="http://github.com/kkarhan/windows-ca-backdoor-fix" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">http://</span><span class="ellipsis">github.com/kkarhan/windows-ca-</span><span class="invisible">backdoor-fix</span></a></p><p>So far testing by <span class="h-card" translate="no"><a href="https://social.heise.de/@ct_Magazin" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>ct_Magazin</span></a></span> / <span class="h-card" translate="no"><a href="https://social.heise.de/@heiseonline" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>heiseonline</span></a></span> (and myseof later on) revealed only few <a href="https://infosec.space/tags/Apps" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Apps</span></a> not vulnerable to this specifics <a href="https://infosec.space/tags/Govware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Govware</span></a>:</p><ul><li><a href="https://infosec.space/tags/Firefox" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Firefox</span></a> (uses <span class="h-card" translate="no"><a href="https://mastodon.cc/@Mozilla" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>Mozilla</span></a></span> / <span class="h-card" translate="no"><a href="https://mastodon.social/@mozilla_support" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>mozilla_support</span></a></span> / <a href="https://infosec.space/tags/Mozilla" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Mozilla</span></a> <a href="https://infosec.space/tags/NSS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NSS</span></a> & has it's own <a href="https://infosec.space/tags/SSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SSL</span></a> certificate storage)</li><li><span class="h-card" translate="no"><a href="https://mastodon.online/@thunderbird" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>thunderbird</span></a></span> (Mozilla NSS)</li><li><span class="h-card" translate="no"><a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>torproject</span></a></span> / <a href="https://infosec.space/tags/TorBrowser" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TorBrowser</span></a> (Mozilla NSS; custom certificates)</li><li><a href="https://infosec.space/tags/curl" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>curl</span></a> (uses <span class="h-card" translate="no"><a href="https://mastodon.social/@bagder" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>bagder</span></a></span> <a href="https://infosec.space/tags/WolfSSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WolfSSL</span></a> and manages it's own certs)</li></ul><p>Anything else that uses the CryptoAPI is, espechally *all <a href="https://infosec.space/tags/Chromium" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Chromium</span></a>-Forks (aka. All Browsers except Firefox, Tor Browser, <a href="https://infosec.space/tags/dillo" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dillo</span></a>, <a href="https://infosec.space/tags/LynxBrowser" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LynxBrowser</span></a>…)</p>
eupolicy.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
This Mastodon server is a friendly and respectful discussion space for people working in areas related to EU policy. When you request to create an account, please tell us something about you.
Administered by:
Server stats:
218active users
eupolicy.social: About · Profiles directory · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.4.1
#cryptoapi
0 posts · 0 participants · 0 posts today
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://mas.to/@tokyo_0" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>tokyo_0</span></a></span> <a href="https://infosec.space/tags/TrueCrypt" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TrueCrypt</span></a> is <a href="https://infosec.space/tags/abandonware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>abandonware</span></a> with serious security issues. </p><ul><li><em>DO NOT USE TRUECRYPT FFS!!!</em></li></ul><p>Use <a href="https://infosec.space/tags/VeraCrypt" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VeraCrypt</span></a> or even better: migrate machines to <a href="https://infosec.space/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Linux</span></a> and use <a href="https://infosec.space/tags/LUKS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LUKS</span></a> / <a href="https://infosec.space/tags/dmcrypt" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dmcrypt</span></a> instead, as it's the best option at hand.</p><ul><li>If you need to shuttle data to <a href="https://infosec.space/tags/Windows" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Windows</span></a> and <a href="https://infosec.space/tags/macOS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>macOS</span></a> machines and using <a href="https://infosec.space/tags/SFTP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SFTP</span></a> / <a href="https://infosec.space/tags/SSHFS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SSHFS</span></a> to mount a secure storage over the network isn't an option, than you're stuck with VeraCrypt, as <a href="https://infosec.space/tags/Windows" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Windows</span></a>' <a href="https://infosec.space/tags/CryptoAPI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CryptoAPI</span></a> is evidently <a href="https://infosec.space/tags/backdoored" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>backdoored</span></a> to the point that every <a href="https://infosec.space/tags/Browser" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Browser</span></a> except <a href="https://infosec.space/tags/Firefox" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Firefox</span></a> is susceptible to <a href="https://infosec.space/tags/SSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SSL</span></a> hijacking with background updates...</li></ul><p><a href="https://github.com/kkarhan/windows-ca-backdoor-fix" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/kkarhan/windows-ca-</span><span class="invisible">backdoor-fix</span></a></p>
TrendingLive feeds
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
Create accountLoginDrag & drop to upload