#certificates

anonymiss@despora.de

#Android: Platform #certificates used to sign #malware

source: https://bugs.chromium.org/p/apvi/issues/detail?id=100

Listed below are the SHA256 hashes of the platform signing certificates and the SHA256 hashes of correctly signed malware using the platform #certificate.

If we built our houses the way we develop our #software, the smallest woodpecker could collapse our #civilization.

#os #security #mobile #fail #problem #danger #news #smartphone

nowisthetime@pod.automat.click
carstenraddatz@pluspora.com

Crypto is hard. Certificate validation can be too. GDATA says the German Coronavirus Warning App (CWA), which got added a digital certificate wallet function to recently, lacks any validation.

The researchers were able to add Robert Koch's certificate (*1843) to the app - the only criterion the app checks is that two weeks since the 2nd shot have passed. Oh, a century? Never mind, here you go. >_<

To be fair, the recommended way is using the official CovPass App, which does the self-evident check.

https://www.gdata.de/blog/digitaler-impfnachweis-schwaechen-bei-der-sicherheit

#cwa #gdata #certificates #certificate #validation #fail #covpass #crypto

aliceinwonderland@diasp.eu

Let's Encrypt Has Issued its First Million Certificates - Participate here

graph

A million certificates is in itself pretty good progress. But a single certificate can cover multiple domain names, and the million certificates Let's Encrypt has issued are actually valid for 2.5 million fully-qualified domain names, over 90% of which had never been reachable by browser-valid HTTPS before.

#diaspora #EFF #HTTPS #certificates #LetsEncrypt