@SwiftOnSecurity Not sure if you saw this story about #TrustCor getting removed as a root CA, but it's fascinating as a failure in communications, and ultimately trust: https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/oxX69KFvsm4/m/etbBho-VBQAJ?pli=1 TrustCor wasn't accused of anything serious, but they bungled the response so epicly that they might as well have been.

This is genuinely fascinating watching a company basically destroy a large part of itself, not so much for what they originally did, but how they reacted when asked about it: https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/oxX69KFvsm4/m/etbBho-VBQAJ?pli=1 #cacert #rootca #certificates #trustcor

#Chrome, Safari, #Firefox: Die mysteriöse Firma, die in unseren Browsern steckt - Golem.de https://www.golem.de/news/chrome-safari-firefox-die-mysterioese-firma-die-in-unseren-browsern-steckt-2211-169708.html #Trustcor #CyberCrime #Datenschutz #privacy #surveillance #Überwachung #certificates #TLS #Browser #WebBrowser #ChromeBrowser #GoogleChrome #Google #Mozilla #Apple #SafariBrowser

#Chrome to Remove #TrustCor

https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/oxX69KFvsm4/m/PKpJf5W6AQAJ

Chrome will distrust #TrustCor across platforms in Chrome 111 (landing in Stable in March). No grace period for unexpired certificates, unlike Mozilla and Microsoft.

https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/oxX69KFvsm4/m/PKpJf5W6AQAJ

NF.sec – Bezpieczeństwo systemu Linux - Urzędy certyfikacji w systemach Linux mają zbyt prosty pogląd na „zaufanie”
https://nfsec.pl/security/6460

#ca #ca-certificates #certificate_authority #certs #distrust #mozilla #policy #ssl #store #tls #trustcor

#Mozilla and #Microsoft distrust #TrustCor certificates due to suspicions over covert spyware operation

I went ahead and de-registered the TrustCor certificates on all my personal machines. If you're running a Debian system you can do this by running, as root:
dpkg-reconfigure ca-certificates

You'll then be given an option to deselect certain certificates as "trusted".

https://www.techspot.com/news/96843-mozilla-microsoft-distrust-trustcor-certificates-due-suspicions-over.html

#privacy #security #cybersecurity @hen @techlore @sr @thenewoil

#Mozilla and #Microsoft distrust #TrustCor certificates due to suspicions over covert spyware operation

I went ahead and de-registered the TrustCor certificates on all my personal machines. If you're running a Debian system you can do this by running, as root:
dpkg-reconfigure ca-certificates

You'll then be given an option to deselect certain certificates as "trusted".

https://www.techspot.com/news/96843-mozilla-microsoft-distrust-trustcor-certificates-due-suspicions-over.html

#privacy #security #cybersecurity @hen @techlore @sr @thenewoil

#Trustcor: cut!

#Ubuntu 22.04 #Security Patch for #Mozilla #Firefox
* Add Trustcor root certificates to mozilla/blacklist.txt: (LP: #1998785)
- "TrustCor RootCert CA-1"
- "TrustCor RootCert CA-2"
- "TrustCor ECA-1"

It's obviously good that browsers and other trusted root CA database maintainers are dropping #TrustCor, but it's obviously bad that it got this far. As this article documents, this is just the most recent of many incidents involving suspicious root certificate authorities. We need to get better at this. #infosec
https://www.washingtonpost.com/technology/2022/11/30/trustcor-internet-authority-mozilla/

#Mozilla and #Microsoft moves to distrust the #TrustCor #CA

Background is that TrustCor has dubious military background. If Google will follow will still be debated.

https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/oxX69KFvsm4/m/yLohoVqtCgAJ

Microsoft and Mozilla have dropped #Trustcor. Apple and Google need to follow. https://www.washingtonpost.com/technology/2022/11/30/trustcor-internet-authority-mozilla/

@GossiTheDog Holy crap, what a read!

They got absolutely dogpiled on and destroyed by Mozilla, Google, and Apple (rightfully so) and their replies trying to weasel out of defending themselves publicly, and then reluctantly doing so while addressing 75% of their replies to dumb silly “readers” (us?) and the lamestream “media,” and not the people deciding their fate, hurt my brain to read. Just wow.

Did Elon buy a CA without any of us realizing...? #trustcor #infosec

When the allegations about #Trustcor first surfaced I thought, you know, maybe people are putting two and two together.

However from the thread it’s pretty clear they can’t answer simple questions, and shouldn’t be a trusted root CA. https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/oxX69KFvsm4

Berichte über den Zertifikatsanbieter #TrustCor Systems sorgen für Aufregung. Das Unternehmen, auf dessen Dienste etwa die Browser #Chrome, #Safari und #Firefox vertrauen, soll Beziehungen zur US-Regierung und zu einem #Spyware-Hersteller haben. Das könnte die Sicherheit von Webseitenaufrufen massiv gefährden. TrustCor Systems ist durch seine besondere Stellung als #Root-Zertifizierungsstelle auch in der Lage, andere Stellen zur Vergabe von Zertifikaten zu autorisieren.

Mysterious company with government ties plays key #internet role https://www.washingtonpost.com/technology/2022/11/08/trustcor-internet-addresses-government-connections/ #TrustCor

#Sicherheit des #Internets:

#Zertifizierungsstelle könnte Hintertür für #US-#Geheimdienst öffnen.

#Chrome, #Safari und #Firefox vertrauen den #Zertifikaten von #TrustCor Systems. Laut einem Bericht hat das Unternehmen jedoch Beziehungen zur US-Regierung und zu einem #Spyware-Hersteller. Das könnte die Sicherheit von Webseitenaufrufen massiv gefährden. ...

https://netzpolitik.org/2022/sicherheit-des-internets-zertifizierungsstelle-koennte-hintertuer-fuer-us-geheimdienst-oeffnen/

#Sicherheit des #Internets:

#Zertifizierungsstelle könnte Hintertür für #US-#Geheimdienst öffnen.

#Chrome, #Safari und #Firefox vertrauen den #Zertifikaten von #TrustCor Systems. Laut einem Bericht hat das Unternehmen jedoch Beziehungen zur US-Regierung und zu einem #Spyware-Hersteller. Das könnte die Sicherheit von Webseitenaufrufen massiv gefährden. ...

https://netzpolitik.org/2022/sicherheit-des-internets-zertifizierungsstelle-koennte-hintertuer-fuer-us-geheimdienst-oeffnen/

Interesting…

#rootCA #TrustCor #NoTransparency https://www.washingtonpost.com/technology/2022/11/08/trustcor-internet-addresses-government-connections/

@SibylleBerg

Hier kann man sehen, wie man den #Trustcor-Zertifikaten im Firefox sein Misstrauen aussprechen kann: https://mastodon.social/@hnapel/109313728787790793