Lingolol

3 posts3 participants1 post today

Felix Palmen :freebsd: :c64:Good morning! ☕ Now that I can't find any other bugs in <a href="https://mastodon.bsd.cafe/tags/swad" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#swad</a> any more, I'm thinking again about how I could improve it.Would anyone consider deploying it on a busy site right now? Either as a replacement for <a href="https://mastodon.bsd.cafe/tags/Anubis" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Anubis</a> (proof-of-work against bots), or for simple non-federated <a href="https://mastodon.bsd.cafe/tags/authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#authentication</a>, or maybe even both?I'm currently not sure how well it would scale. The reason is the design with server-side sessions, which is simple and very light-weight "on the wire", but needs server-side RAM for each and every client. It's hard to guess how this would turn out on very busy sites.So, I'm thinking about moving to a stateless design. The obvious technical choice for that would be to issue a signed <a href="https://mastodon.bsd.cafe/tags/JWT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#JWT</a> (Json Web Token), just like Anubis does it as well. This would have a few consequences though:* OpenSSL/LibreSSL would be a hard build dependency. Right now, it's only needed if the proof-of-work checker and/or TLS support is enabled. * You'd need an X509 certificate in any case to operate swad, even without TLS, just for signing the JWTs. * My current CSRF-protection would stop working (it's based on random tokens stored in the session). Probably not THAT bad, the login itself doesn't need it at all, and once logged in, the only action swad supports is logout, which then COULD be spoofed, but that's more an annoyance than a security threat... 🤔 * I would *still* need some server-side RAM for each and every client to implement the rate-limits for failed logins. At least, that's not as much RAM as currently.Any thoughts? Should I work on going (almost) "stateless"?

TechnoTenshi :verified_trans: :Fire_Lesbian:Passkeys use public key cryptography to authenticate users without exposing secrets. WebAuthn adds phishing resistance via origin binding. But they're not bulletproof—device malware and weak recovery paths remain risks. <a href="https://blog.trailofbits.com/2025/05/14/the-cryptography-behind-passkeys/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://blog.trailofbits.com/2025/05/14/the-cryptography-behind-passkeys/</a><a href="https://infosec.exchange/tags/Passkeys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Passkeys</a> <a href="https://infosec.exchange/tags/WebAuthn" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#WebAuthn</a> <a href="https://infosec.exchange/tags/Authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Authentication</a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InfoSec</a>

Felix Palmen :freebsd: :c64:Just released: <a href="https://mastodon.bsd.cafe/tags/swad" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#swad</a> 0.7! 😎 Swad is the "Simple Web Authentication Daemon". If you're looking for a solution to add cookie/form <a href="https://mastodon.bsd.cafe/tags/authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#authentication</a> to your <a href="https://mastodon.bsd.cafe/tags/nginx" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#nginx</a> reverse proxy, or maybe even a <a href="https://mastodon.bsd.cafe/tags/lightweight" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#lightweight</a> alternative to <a href="https://mastodon.bsd.cafe/tags/Anubis" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Anubis</a> which leaves the actual proxying to nginx, this might be for you! It is designed for use with nginx' auth_request, written in pure C, with minimal dependencies (zlib and, depending on build options, openssl/libressl and/or libpam), and compiles to a small binary (currently between 150kiB and less than 300kiB depending on compiler and target platform).Swad should work on many <a href="https://mastodon.bsd.cafe/tags/posix" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#posix</a> (and almost) systems. It's actually tested on <a href="https://mastodon.bsd.cafe/tags/FreeBSD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#FreeBSD</a> (in "production" use, but on a very low-traffic private site), and quick functionality tests also done on <a href="https://mastodon.bsd.cafe/tags/Debian" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Debian</a> (<a href="https://mastodon.bsd.cafe/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Linux</a>) and <a href="https://mastodon.bsd.cafe/tags/OpenIndiana" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenIndiana</a> (<a href="https://mastodon.bsd.cafe/tags/Illumos" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Illumos</a>, open-source <a href="https://mastodon.bsd.cafe/tags/Solaris" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Solaris</a> descendant).As announced, this release doesn't bring any new features (in terms of WHAT it can do), but great improvements "under the hood", that should help performance at least on some platforms, see release notes for swad 0.7.Read more, and download the .tar.xz (to build and install it 😆) here: <a href="https://github.com/Zirias/swad" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://github.com/Zirias/swad</a>

Felix Palmen :freebsd: :c64:Just released: <a href="https://mastodon.bsd.cafe/tags/swad" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#swad</a> v0.3!<a href="https://github.com/Zirias/swad/releases/tag/v0.3" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://github.com/Zirias/swad/releases/tag/v0.3</a>swad is the "Simple Web Authentication Daemon", your tiny, efficient and (almost) dependency-free solution to add <a href="https://mastodon.bsd.cafe/tags/cookie" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cookie</a> + login <a href="https://mastodon.bsd.cafe/tags/form" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#form</a> <a href="https://mastodon.bsd.cafe/tags/authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#authentication</a> to whatever your <a href="https://mastodon.bsd.cafe/tags/reverse" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#reverse</a> <a href="https://mastodon.bsd.cafe/tags/proxy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#proxy</a> offers. It's written in pure <a href="https://mastodon.bsd.cafe/tags/C" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#C</a>, portable across <a href="https://mastodon.bsd.cafe/tags/POSIX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#POSIX</a> platforms. It's designed with <a href="https://mastodon.bsd.cafe/tags/nginx" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#nginx</a>' 'auth_request' in mind, example configurations are included.This release brings a file-based credential checker in addition to the already existing one using <a href="https://mastodon.bsd.cafe/tags/PAM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PAM</a>. Also lots of improvements, see details in the release notes.I finally added complete build instructions to the README.md:<a href="https://github.com/Zirias/swad" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://github.com/Zirias/swad</a>And there's more documentation available: manpages as well as a fully commented example configuration file.

Brad Rubenstein “:verified:”<pre><code>Mothers maiden name: 5472615884 First car owned: 3656654851 Favorite color: 2580548933 </code></pre>They get generated and stored in the password manager, for each account as needed.The advantage of ten digit numbers is that they are easy to communicate to a customer service agent over the phone.IME, no agent has ever batted an eye. It's not even lying. It's just being clear on the purpose.<a href="https://mastodon.social/@marasawr" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@marasawr</a><a href="https://infosec.exchange/tags/Passwords" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Passwords</a> <a href="https://infosec.exchange/tags/SecretQuestions" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SecretQuestions</a> <a href="https://infosec.exchange/tags/Authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Authentication</a> <a href="https://infosec.exchange/tags/Privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Privacy</a>

Felix Palmen :freebsd: :c64:Just released: <a href="https://mastodon.bsd.cafe/tags/swad" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#swad</a> v0.2SWAD is the "Simple Web Authentication Daemon", meant to add <a href="https://mastodon.bsd.cafe/tags/cookie" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cookie</a> <a href="https://mastodon.bsd.cafe/tags/authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#authentication</a> with a simple <a href="https://mastodon.bsd.cafe/tags/login" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#login</a> form and configurable credential checker modules to a reverse <a href="https://mastodon.bsd.cafe/tags/proxy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#proxy</a> supporting to delegate authentication to a backend service, like e.g. <a href="https://mastodon.bsd.cafe/tags/nginx" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#nginx</a>' "auth_request". It's a very small piece of software written in pure <a href="https://mastodon.bsd.cafe/tags/C" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#C</a> with as little external dependencies as possible. It requires some <a href="https://mastodon.bsd.cafe/tags/POSIX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#POSIX</a> (or "almost POSIX", like <a href="https://mastodon.bsd.cafe/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Linux</a>, <a href="https://mastodon.bsd.cafe/tags/FreeBSD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#FreeBSD</a>, ...) environment, OpenSSL (or LibreSSL) for TLS and zlib for response compression.Currently, the only credential checker module available offers <a href="https://mastodon.bsd.cafe/tags/PAM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PAM</a> authentication, more modules will come in later releases.swad 0.2 brings a few bugfixes and improvements, especially helping with security by rate-limiting the creation of new sessions as well as failed login attempts. Read details and grab it here:<a href="https://github.com/Zirias/swad/releases/tag/v0.2" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://github.com/Zirias/swad/releases/tag/v0.2</a>

Felix Palmen :freebsd: :c64:Released: <a href="https://mastodon.bsd.cafe/tags/swad" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#swad</a> v0.1 🥳 Looking for a simple way to add <a href="https://mastodon.bsd.cafe/tags/authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#authentication</a> to your <a href="https://mastodon.bsd.cafe/tags/nginx" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#nginx</a> reverse proxy? Then swad *could* be for you!swad is the "Simple Web Authentication Daemon", written in pure <a href="https://mastodon.bsd.cafe/tags/C" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#C</a> (+ <a href="https://mastodon.bsd.cafe/tags/POSIX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#POSIX</a>) with almost no external dependencies. <a href="https://mastodon.bsd.cafe/tags/TLS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TLS</a> support requires <a href="https://mastodon.bsd.cafe/tags/OpenSSL" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenSSL</a> (or <a href="https://mastodon.bsd.cafe/tags/LibreSSL" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#LibreSSL</a>). It's designed to work with nginx' "auth_request" module and offers authentication using a <a href="https://mastodon.bsd.cafe/tags/cookie" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cookie</a> and a login form.Well, this is a first release and you can tell by the version number it isn't "complete" yet. Most notably, only one single credentials checker is implemented: <a href="https://mastodon.bsd.cafe/tags/PAM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PAM</a>. But as pam already allows pretty flexible configuration, I already consider this pretty useful 🙈If you want to know more, read here: <a href="https://github.com/Zirias/swad" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://github.com/Zirias/swad</a>

Boiling SteamMatrix.org Will Migrate to MAS: <a href="https://matrix.org/blog/2025/04/matrix-auth-service/" rel="nofollow noopener noreferrer" target="_blank">https://matrix.org/blog/2025/04/matrix-auth-service/</a> <a href="https://mastodon.cloud/tags/linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#linux</a> <a href="https://mastodon.cloud/tags/update" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#update</a> <a href="https://mastodon.cloud/tags/foss" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#foss</a> <a href="https://mastodon.cloud/tags/matrix" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#matrix</a> <a href="https://mastodon.cloud/tags/mas" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#mas</a> <a href="https://mastodon.cloud/tags/migration" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#migration</a> <a href="https://mastodon.cloud/tags/authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#authentication</a>

Felix Palmen :freebsd: :c64:Trying to come up with my own little self-hosted <a href="https://mastodon.bsd.cafe/tags/http" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#http</a> <a href="https://mastodon.bsd.cafe/tags/authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#authentication</a> <a href="https://mastodon.bsd.cafe/tags/daemon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#daemon</a> to work with <a href="https://mastodon.bsd.cafe/tags/nginx" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#nginx</a>' "authentication request" facility ... first step done! 🥳Now I have a subset of HTTP 1.x implemented in <a href="https://mastodon.bsd.cafe/tags/C" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#C</a>, together with a dummy handler showing nothing but a static hello-world root document.I know it's kind of stubborn doing that in C, but hey, <a href="https://mastodon.bsd.cafe/tags/coding" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#coding</a> it is great fun 🙈 <a href="https://github.com/Zirias/swad" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://github.com/Zirias/swad</a>

Erik van Straten"Franse overheid voert phishingtest uit op 2,5 miljoen leerlingen" <a href="https://www.security.nl/posting/881630/Franse+overheid+voert+phishingtest+uit+op+2%2C5+miljoen+leerlingen" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.security.nl/posting/881630/Franse+overheid+voert+phishingtest+uit+op+2%2C5+miljoen+leerlingen</a>KRANKZINNIG!Het is meestal onmogelijk om nepberichten (e-mail, SMS, ChatApp, social media en papieren post - zie plaatje) betrouwbaar van echte te kunnen onderscheiden.Tegen phishing en vooral nepwebsites is echter prima iets te doen, zoals ik vandaag nogmaals beschreef in <a href="https://security.nl/posting/881655" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://security.nl/posting/881655</a>.(Big Tech en luie websitebeheerders willen dat niet, dus is en blijft het een enorm gevecht).<a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Phishing</a> <a href="https://infosec.exchange/tags/NepWebsites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#NepWebsites</a> <a href="https://infosec.exchange/tags/DV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DV</a> <a href="https://infosec.exchange/tags/DVcerts" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DVcerts</a> <a href="https://infosec.exchange/tags/LetsEncrypt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#LetsEncrypt</a> <a href="https://infosec.exchange/tags/Certificates" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Certificates</a> <a href="https://infosec.exchange/tags/Certificaten" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Certificaten</a> <a href="https://infosec.exchange/tags/Spoofing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Spoofing</a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AitM</a> <a href="https://infosec.exchange/tags/MitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MitM</a> <a href="https://infosec.exchange/tags/Evilginx2" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Evilginx2</a> <a href="https://infosec.exchange/tags/Zwakke2FA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Zwakke2FA</a> <a href="https://infosec.exchange/tags/ZwakkeMFA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ZwakkeMFA</a> <a href="https://infosec.exchange/tags/Weak2FA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Weak2FA</a> <a href="https://infosec.exchange/tags/WeakMFA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#WeakMFA</a> <a href="https://infosec.exchange/tags/Authenticatie" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Authenticatie</a> <a href="https://infosec.exchange/tags/Impersonatie" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Impersonatie</a> <a href="https://infosec.exchange/tags/Authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Authentication</a> <a href="https://infosec.exchange/tags/Impersonation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Impersonation</a> <a href="https://infosec.exchange/tags/DomainNames" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DomainNames</a> <a href="https://infosec.exchange/tags/Authenticity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Authenticity</a> <a href="https://infosec.exchange/tags/Aurhenticiteit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Aurhenticiteit</a> <a href="https://infosec.exchange/tags/Owner" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Owner</a> <a href="https://infosec.exchange/tags/Eigenaar" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Eigenaar</a> <a href="https://infosec.exchange/tags/Verantwoordelijke" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Verantwoordelijke</a> <a href="https://infosec.exchange/tags/Responsible" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Responsible</a> <a href="https://infosec.exchange/tags/Accountable" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Accountable</a> <a href="https://infosec.exchange/tags/DigiD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DigiD</a> <a href="https://infosec.exchange/tags/SMS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SMS</a> <a href="https://infosec.exchange/tags/Email" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Email</a> <a href="https://infosec.exchange/tags/ChatApps" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ChatApps</a> <a href="https://infosec.exchange/tags/Verzender" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Verzender</a> <a href="https://infosec.exchange/tags/Sender" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Sender</a> <a href="https://infosec.exchange/tags/BigTechIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BigTechIsEvil</a> <a href="https://infosec.exchange/tags/GoogleIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#GoogleIsEvil</a> <a href="https://infosec.exchange/tags/CloudflareIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CloudflareIsEvil</a>

Erik van Straten<a href="https://mastodon.ar.al/@aral" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@aral</a> :I don't want to pay a cent. Neither donate, nor via taxes.<a href="https://infosec.exchange/@ErikvanStraten/114227977082449887" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://infosec.exchange/@ErikvanStraten/114227977082449887</a><a href="https://mstdn.social/@TheDutchChief" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@TheDutchChief</a> <a href="https://ec.social-network.europa.eu/@EUCommission" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@EUCommission</a> <a href="https://infosec.exchange/@letsencrypt" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@letsencrypt</a> <a href="https://social.nlnet.nl/@nlnet" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@nlnet</a> <a href="https://infosec.exchange/tags/Authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Authentication</a> <a href="https://infosec.exchange/tags/Impersonation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Impersonation</a> <a href="https://infosec.exchange/tags/Spoofing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Spoofing</a> <a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Phishing</a> <a href="https://infosec.exchange/tags/DV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DV</a> <a href="https://infosec.exchange/tags/GoogleIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#GoogleIsEvil</a> <a href="https://infosec.exchange/tags/BigTechIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BigTechIsEvil</a> <a href="https://infosec.exchange/tags/Certificates" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Certificates</a> <a href="https://infosec.exchange/tags/httpsVShttp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#httpsVShttp</a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AitM</a> <a href="https://infosec.exchange/tags/MitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MitM</a> <a href="https://infosec.exchange/tags/FakeWebsites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#FakeWebsites</a> <a href="https://infosec.exchange/tags/CloudflareIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CloudflareIsEvil</a> <a href="https://infosec.exchange/tags/bond" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#bond</a> <a href="https://infosec.exchange/tags/dotBond" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dotBond</a> <a href="https://infosec.exchange/tags/Spam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Spam</a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Infosec</a> <a href="https://infosec.exchange/tags/Ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Ransomware</a> <a href="https://infosec.exchange/tags/Banks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Banks</a> <a href="https://infosec.exchange/tags/CloudflareIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CloudflareIsEvil</a> <a href="https://infosec.exchange/tags/FakeWebsites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#FakeWebsites</a>

Erik van Straten<a href="https://mastodon.ar.al/@aral" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@aral</a> : most Let's Encrypt (and other Domain Validated) certificates are issued to junk- or plain criminal websites.They're the ultimate manifestation of evil big tech.They were introduced to encrypt the "last mile" because Internet Service Providers were replacing ads in webpages and, in the other direction, inserting fake clicks.DV has destroyed the internet. People loose their ebank savings and companies get ransomwared; phishing is dead simple. EDIW/EUDIW will become an identity fraud disaster (because of AitM phishing atracks).Even the name "Let's Encrypt" is wrong for a CSP: nobody needs a certificate to encrypt a connection. The primary purpose of a certificate is AUTHENTICATION (of the owner of the private key, in this case the website).However, for human beings, just a domain name simply does not provide reliable identification information. It renders impersonation a peace of cake.Decent online authentication is HARD. Get used to it instead of denying it.REASONS/EXAMPLES🔹 Troy Hunt fell in the DV trap: <a href="https://infosec.exchange/@ErikvanStraten/114222237036021070" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://infosec.exchange/@ErikvanStraten/114222237036021070</a>🔹 Google (and Troy Hunt!) killed non-DV certs (for profit) because of the stripe.com PoC. Now Chrome does not give you any more info than what Google argumented: <a href="https://infosec.exchange/@ErikvanStraten/114224682101772569" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://infosec.exchange/@ErikvanStraten/114224682101772569</a>🔹 https:⧸⧸cancel-google.com/captcha was live yesterday: <a href="https://infosec.exchange/@ErikvanStraten/114224264440704546" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://infosec.exchange/@ErikvanStraten/114224264440704546</a>🔹 Stop phishing proposal: <a href="https://infosec.exchange/@ErikvanStraten/113079966331873386" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://infosec.exchange/@ErikvanStraten/113079966331873386</a>🔹 Lots of reasons why LE sucks: <a href="https://infosec.exchange/@ErikvanStraten/112914047006977222" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://infosec.exchange/@ErikvanStraten/112914047006977222</a> (corrected link 09:20 UTC)🔹 This website stopped registering junk .bond domain names, probably because there were too many every day (the last page I found): <a href="https://newly-registered-domains.abtdomain.com/2024-08-15-bond-newly-registered-domains-part-1/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://newly-registered-domains.abtdomain.com/2024-08-15-bond-newly-registered-domains-part-1/</a>. However, this gang is still active, open the RELATIONS tab in <a href="https://www.virustotal.com/gui/ip-address/13.248.197.209/relations" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.virustotal.com/gui/ip-address/13.248.197.209/relations</a>. You have to multiply the number of LE certs by approx. 5 because they also register subdomains and don't use wildcard certs. Source: <a href="https://www.bleepingcomputer.com/news/security/revolver-rabbit-gang-registers-500-000-domains-for-malware-campaigns/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.bleepingcomputer.com/news/security/revolver-rabbit-gang-registers-500-000-domains-for-malware-campaigns/</a><a href="https://ec.social-network.europa.eu/@EUCommission" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@EUCommission</a> <a href="https://infosec.exchange/@letsencrypt" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@letsencrypt</a> <a href="https://social.nlnet.nl/@nlnet" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@nlnet</a> <a href="https://infosec.exchange/tags/Authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Authentication</a> <a href="https://infosec.exchange/tags/Impersonation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Impersonation</a> <a href="https://infosec.exchange/tags/Spoofing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Spoofing</a> <a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Phishing</a> <a href="https://infosec.exchange/tags/DV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DV</a> <a href="https://infosec.exchange/tags/GoogleIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#GoogleIsEvil</a> <a href="https://infosec.exchange/tags/BigTechIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BigTechIsEvil</a> <a href="https://infosec.exchange/tags/Certificates" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Certificates</a> <a href="https://infosec.exchange/tags/httpsVShttp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#httpsVShttp</a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AitM</a> <a href="https://infosec.exchange/tags/MitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MitM</a> <a href="https://infosec.exchange/tags/FakeWebsites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#FakeWebsites</a> <a href="https://infosec.exchange/tags/CloudflareIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CloudflareIsEvil</a> <a href="https://infosec.exchange/tags/bond" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#bond</a> <a href="https://infosec.exchange/tags/dotBond" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dotBond</a> <a href="https://infosec.exchange/tags/Spam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Spam</a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Infosec</a> <a href="https://infosec.exchange/tags/Ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Ransomware</a> <a href="https://infosec.exchange/tags/Banks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Banks</a> <a href="https://infosec.exchange/tags/CloudflareIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CloudflareIsEvil</a> <a href="https://infosec.exchange/tags/FakeWebsites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#FakeWebsites</a>

Felix Palmen :freebsd: :c64:Ok HOW HARD CAN IT BE? 🤬 Currently trying to allow the <a href="https://mastodon.bsd.cafe/tags/Windows" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Windows</a> machine I got from work (domain member, very much locked up, no local admin for me) in my private <a href="https://mastodon.bsd.cafe/tags/wifi" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#wifi</a> network (using 802.11x <a href="https://mastodon.bsd.cafe/tags/authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#authentication</a> for <a href="https://mastodon.bsd.cafe/tags/WPA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#WPA</a> with <a href="https://mastodon.bsd.cafe/tags/freeradius" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#freeradius</a> and <a href="https://mastodon.bsd.cafe/tags/PEAP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PEAP</a> using my own <a href="https://mastodon.bsd.cafe/tags/samba" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#samba</a> based AD).I don't strictly *need* it, the machine connects to my open guest wifi (mapped to a VLAN with access *only* to the internet), but it would be really nice being able to also access my local services while working at home.What I tried:- Just login (PEAP/MSCHAPv2), obviously. After lots of fiddling and reading logs (freeradius as well as windows events), I found some docs suggesting Windows doesn't support that any more unless you fiddle with something in HKLM, so, no dice, need something else... - Allow EAP-TLS as well and issue a client certificate for my user, install that on windows. Doesn't work, the machine insists on using the machine cert from the machine store. - Create a client cert with the UPN of my user in my home network in SAN ... same issue - Create a client cert with the UPN of my *work* user in SAN ... - Ok screw that, get freeradius to accept that stupid machine certificate: Allow the internal CA of my workplace and *only* the CN of exactly the machine certificate.Now, it still won't work and I really don't get it, seeing stuff like:(13) eap_tls: (TLS) TLS - recv TLS 1.3 Handshake, ClientHello (13) eap_tls: (TLS) TLS - send TLS 1.1 Alert, fatal protocol_version (13) eap_tls: ERROR: (TLS) TLS - Alert write:fatal:protocol version (13) eap_tls: ERROR: (TLS) TLS - Server : Error in SSLv3 read client hello BIt makes little sense and all fiddling with TLS options so far didn't make it work. For other clients using PEAP, it just works with both TLS1.2 and TLS1.3. WTF is going on here?

Georgiana BrummellFirst, they shut down the Basic HTML site, forcing many of us to switch to clients such as Thunderbird. Now, they're using qr codes which are not only inaccessible to the blind but also to those who don't use smartphones! This is ridiculous! Yes, they do still have the option to click whether it's you trying to sign in or not (which still requires a smartphone and a carrier, which they claim to be concerned about), but how long before they remove that, too?<a href="https://www.pcmag.com/news/google-is-replacing-sms-codes-with-qr-codes-for-gmail-authentication" rel="nofollow noopener noreferrer" target="_blank">pcmag.com/news/google-is-repla…</a><a href="https://friendica.world/search?tag=accessibility" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#accessibility</a> <a href="https://friendica.world/search?tag=Android" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Android</a> <a href="https://friendica.world/search?tag=authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#authentication</a> <a href="https://friendica.world/search?tag=blind" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#blind</a> <a href="https://friendica.world/search?tag=Google" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Google</a> <a href="https://friendica.world/search?tag=GMail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#GMail</a> <a href="https://friendica.world/search?tag=IOS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#IOS</a> <a href="https://friendica.world/search?tag=Narrator" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Narrator</a> <a href="https://friendica.world/search?tag=NVDA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#NVDA</a> <a href="https://friendica.world/search?tag=sms" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#sms</a> <a href="https://friendica.world/search?tag=Talkback" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Talkback</a> <a href="https://friendica.world/search?tag=technology" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#technology</a> <a href="https://friendica.world/search?tag=Voiceover" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Voiceover</a> <a href="https://friendica.world/search?tag=Windows" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Windows</a>

Erik van StratenBiggest phishing-test in historySo some weirdo, possibly Elon Musk, instructs you to reply by mail informing him what you did last week.😱 You will be fired if you do - for failing the phishing test. You should have known that it's a hoax because Elon Musk just fired all the people who could read all of those mails.And you should have known that you should not share confidential information via email because you don't know for sure who the recipient is. Neither do you know who reads the mail "on its way" and neither does the recipient know that you are who you say that you are.Finaly, some mail ends up in spam boxes or gets dropped for frivolous reasons (Postel@RFC5321.whatever.tld) (edited 17:23 UTC - corrected the RFC nr. 825 is not SMTP - sorry!)😱 You will be fired if you don't.It's a witch hunt. The Trump govt throws you in the water. You are not a witch if you drown.<a href="https://blogs.loc.gov/law/2022/02/swimming-a-witch-evidence-in-17th-century-english-witchcraft-trials/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://blogs.loc.gov/law/2022/02/swimming-a-witch-evidence-in-17th-century-english-witchcraft-trials/</a><a href="https://infosec.exchange/tags/Authenticity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Authenticity</a> <a href="https://infosec.exchange/tags/Authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Authentication</a> <a href="https://infosec.exchange/tags/Impersonation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Impersonation</a> <a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Phishing</a> <a href="https://infosec.exchange/tags/PhishingTest" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PhishingTest</a> <a href="https://infosec.exchange/tags/InternetSucks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InternetSucks</a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InfoSec</a>

Aral BalkanNew Kitten release• Fixes redirection from sign-in page when person is already authenticated.<a href="https://kitten.small-web.org" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://kitten.small-web.org</a>To learn more about how Kitten automatically implements authentication for your Small Web sites and apps using public-key cryptography (so even your own server doesn’t know your secret)¹, please see the Authentication tutorial:<a href="https://kitten.small-web.org/tutorials/authentication/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://kitten.small-web.org/tutorials/authentication/</a>Enjoy!:kitten:💕¹ The security (and privacy) of Domain/Kitten are based on a 32-byte cryptographically random secret string that only the person who owns/controls a domain knows.This is basically a Base256-encoded ed25519 secret key where the Base256 alphabet is a set of curated emoji surrogate pairs without any special modifiers chosen mainly from the animals, plants, and food groups with some exceptions (to avoid common phobias or triggers, etc.) that we call KittenMoji.…When setting up a Small Web app via Domain, this key is generated in the person’s browser, on their own computer, and is never communicated to either the Domain instance or the Kitten app being installed. Instead the ed25519 public key is sent to both and signed token authentication is used when the server needs to verify the owner’s identity (e.g., before allowing access to the administration area).The expected/encouraged behaviour is for the person to store this secret in their password manager of choice.More: <a href="https://kitten.small-web.org/reference/#cryptographic-properties" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://kitten.small-web.org/reference/#cryptographic-properties</a><a href="https://mastodon.ar.al/tags/Kitten" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Kitten</a> <a href="https://mastodon.ar.al/tags/SmallWeb" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SmallWeb</a> <a href="https://mastodon.ar.al/tags/SmallTech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SmallTech</a> <a href="https://mastodon.ar.al/tags/authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#authentication</a> <a href="https://mastodon.ar.al/tags/publicKeyCryptography" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#publicKeyCryptography</a> <a href="https://mastodon.ar.al/tags/web" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#web</a> <a href="https://mastodon.ar.al/tags/dev" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dev</a> <a href="https://mastodon.ar.al/tags/NodeJS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#NodeJS</a> <a href="https://mastodon.ar.al/tags/JavaScript" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#JavaScript</a> <a href="https://mastodon.ar.al/tags/HTML" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#HTML</a> <a href="https://mastodon.ar.al/tags/CSS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CSS</a>

Schneier on Security RSSDevice Code PhishingThis isn’t new, but it’s increasingly popular: The technique is known as devic... <a href="https://www.schneier.com/blog/archives/2025/02/device-code-phishing.html" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.schneier.com/blog/archives/2025/02/device-code-phishing.html</a> <a href="https://burn.capital/tags/authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#authentication</a> <a href="https://burn.capital/tags/Uncategorized" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Uncategorized</a> <a href="https://burn.capital/tags/authorization" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#authorization</a> <a href="https://burn.capital/tags/phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#phishing</a> <a href="https://burn.capital/tags/Russia" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Russia</a>

Erik van StratenFsck de overheid: "Het automatiseren van certificaatbeheer door de overheid op basis van ACME zorgt voor het efficiënter en betrouwbaarder verkrijgen, vernieuwen en intrekken van TLS-certificaten. Dit maakt de digitale overheid betrouwbaarder, wendbaarder en minder leveranciersafhankelijk", aldus de experts. "Daarnaast vermindert het gebruik van ACME de beheerlast voor het beheer van TLS-certificaten." <a href="https://www.security.nl/posting/876900/ACME+voor+uitgifte+tls-certificaten+wordt+mogelijk+verplicht+voor+overheid" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.security.nl/posting/876900/ACME+voor+uitgifte+tls-certificaten+wordt+mogelijk+verplicht+voor+overheid</a>.In een tijd waarin burgers, online, met steeds hogere betrouwbaarheid moeten authenticeren (o.a. voor online leeftijdsverificatie en binnenkort met eID's zoals EDIW/EUDIW), en de anonieme nepwebsites als paddenstoelen uit de grond schieten (*), is dit een *KRANKZINNIG* plan.(*) Daarbij geen strobreed in de weggelegd door BigTech - integendeel: medeplichtigheid aan cybercrime is hun verdienmodel geworden.Het grote risico hier zijn AitM- (Attacker in the Middle) aanvallen: nietsvermoedende mensen worden via een bericht of een Google zoekresultaat naar een nepwebsite gestuurd, die hen vraagt om bijv. een scan van hun paspoort te uploaden en een selfie-filmpje te maken.Beide stuurt de nepwebsite echter dóór naar een echte website, zoals van een bank, bijv. om een lening af te sluiten. De AitM neemt dat geld op, waarna het slachtoffer opdraait voor de schuld.Een ESSENTIËLE voorwaarde voor betrouwbare authenticatie is dat je de VERIFIEERDER kunt vertrouwen.Of dat zo is, weet je nooit zeker (ook offline niet). Het beste alternatief is dat je weet *WIE* de verifieerder is, en hoe betrouwbaar diens identiteit is vaatgesteld. Dat is, zonder meer, vervelend en prijzig voor eigenaren van websites waar klanten, burgers of patiënten risicovolle transacties doen en/of er vertrouwelijke gegevens mee uitwisselen - maar enorm in het belang van bezoekers van dergelijke websites.Betrouwbare authenticatie van (de juridisch aansprakelijke) eigenaar van een website m.b.v. een website-certificaat vormt *technisch* geen enkel probleem (dit *hadden* we al, maar is met een smoes gesloopt door Google).In gratis certificaten, bijvoorbeeld van Let's Encrypt (zoals gebruikt door de nepwebsites in onderstaand plaatje) staat uitsluitend een volstrekt anonieme domeinnaam; je hebt dus geen idee wie verantwoordelijk is voor de website.Juist bij overheidswebsites is het essentieel dat je weet dat het écht om een overheidswebsite gaat - iets dat bij de in het plaatje getoonde domeinnamen (ik heb de punt door + vervangen), zoals:• afhandelen-belasting+com • aflossen-belastingdienst+combeslist *niet* het geval is.En in de echte <a href="https://www.ggn.nl/contact/phishing/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.ggn.nl/contact/phishing/</a> kunt u voorbeelden zien van domeinnamen van nepwebsites, zoals ook te zien in onderstaand plaatje.Kennelijk lukt het niemand om dergelijke criminele websites uit de lucht te halen, terwijl de misdadigers er probleemloos Let's Encrypt certificaten voor *blijven* verkrijgen - naast dat de naar phishing stinkende domeinnamen zonder blikken of blozen worden verhuurd en nooit worden ingetrokken. Dit is simpelweg de SNELSTE en GOEDKOOPSTE oplossing voor eigenaren van websites; de *BEZOEKERS* van die websites draaien op voor alle risico's.Het onderstaande plaatje is van een Russische server, maar dit soort phishing websites vind je ook bij de vleet op door criminelen gehuurde servers van Google, Amazon, Microsoft, Digital Ocean, Cloudflare en kleinere westerse hostingbedrijven.Ben ik nou ÉCHT DE ÉNIGE die vindt dat deze gecriminaliseerde puinhoop keihard moet worden aangepakt?Zie mijn uitgebreide reactie in <a href="https://security.nl/posting/876914" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://security.nl/posting/876914</a> (beginnend met eenvoudige uitleg wat een website-certificaat is).Nb. naast certificaatuitgevers moeten ook browsers en het CA/B-forum op de schop. Doen we dit allemaal niet, dan wordt verder digitaliseren een gigantische puinhoop met steeds meer slachtoffers van identiteitsfraude.<a href="https://infosec.exchange/tags/DVcerts" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DVcerts</a> <a href="https://infosec.exchange/tags/ACME" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ACME</a> <a href="https://infosec.exchange/tags/LetsEncrypt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#LetsEncrypt</a> <a href="https://infosec.exchange/tags/NepSites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#NepSites</a> <a href="https://infosec.exchange/tags/NepWebSites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#NepWebSites</a> <a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Phishing</a> <a href="https://infosec.exchange/tags/Spoofing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Spoofing</a> <a href="https://infosec.exchange/tags/Scams" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Scams</a> <a href="https://infosec.exchange/tags/IdentiteitsFraude" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#IdentiteitsFraude</a> <a href="https://infosec.exchange/tags/Authenticatie" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Authenticatie</a> <a href="https://infosec.exchange/tags/Impersonatie" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Impersonatie</a> <a href="https://infosec.exchange/tags/GoogleIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#GoogleIsEvil</a> <a href="https://infosec.exchange/tags/BigTechIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BigTechIsEvil</a> <a href="https://infosec.exchange/tags/FakeWebSites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#FakeWebSites</a> <a href="https://infosec.exchange/tags/AnoniemeWebsites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AnoniemeWebsites</a> <a href="https://infosec.exchange/tags/AnonymousWebsites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AnonymousWebsites</a> <a href="https://infosec.exchange/tags/OnlineAuthenticatie" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OnlineAuthenticatie</a> <a href="https://infosec.exchange/tags/LeeftijdVerificatie" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#LeeftijdVerificatie</a> <a href="https://infosec.exchange/tags/OnlineLeeftijdVerificatie" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OnlineLeeftijdVerificatie</a> <a href="https://infosec.exchange/tags/Authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Authentication</a> <a href="https://infosec.exchange/tags/Impersonation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Impersonation</a> <a href="https://infosec.exchange/tags/OnlineAuthentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OnlineAuthentication</a> <a href="https://infosec.exchange/tags/AgeVerification" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AgeVerification</a> <a href="https://infosec.exchange/tags/OnlineAgeVerification" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OnlineAgeVerification</a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AitM</a> <a href="https://infosec.exchange/tags/MitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MitM</a> <a href="https://infosec.exchange/tags/Evilginx2" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Evilginx2</a>

Schneier on Security RSSPairwise Authentication of HumansHere’s an easy system for two humans to remotely authenticate to each other, so they can be sure that neither are digital impersonations. To mitigate that risk, I have develop... <a href="https://www.schneier.com/blog/archives/2025/02/pairwise-authentication-of-humans.html" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.schneier.com/blog/archives/2025/02/pairwise-authentication-of-humans.html</a> <a href="https://burn.capital/tags/authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#authentication</a> <a href="https://burn.capital/tags/Uncategorized" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Uncategorized</a> <a href="https://burn.capital/tags/protocols" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#protocols</a>

Erik van Straten<a href="https://infosec.exchange/@_r_netsec" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@_r_netsec</a> : Alex Weinert (Identity Security VP at Microsoft) already knew about this in 2019.His recommendation: just keep using Microsoft Authenticator...<a href="https://infosec.exchange/tags/MicrosoftAuthenticator" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MicrosoftAuthenticator</a> <a href="https://infosec.exchange/tags/WeakMFA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#WeakMFA</a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AitM</a> <a href="https://infosec.exchange/tags/Evilginx2" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Evilginx2</a> <a href="https://infosec.exchange/tags/Weak2FA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Weak2FA</a> <a href="https://infosec.exchange/tags/NumberMatching" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#NumberMatching</a> <a href="https://infosec.exchange/tags/TOTP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TOTP</a> <a href="https://infosec.exchange/tags/AuthenticatorApps" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AuthenticatorApps</a> <a href="https://infosec.exchange/tags/MissingDomainNameCheck" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MissingDomainNameCheck</a> <a href="https://infosec.exchange/tags/WeakAuthentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#WeakAuthentication</a> <a href="https://infosec.exchange/tags/Authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Authentication</a> <a href="https://infosec.exchange/tags/Impersonation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Impersonation</a>

Recent searches

Search options

Administered by:

Server stats:

#authentication